
Error in ECDSA key selection #576

Open
benoiton opened this issue Jan 31, 2025 · 11 comments

Comments

@benoiton

(New issue here after softhsm/SoftHSMv2#784)

On Debian testing, with:

  • softhsm2 2.6.1-2.1
  • openssl 3.4.0-2
  • libengine-pkcs11-openssl 0.4.12-0.1
  • opensc and opensc-pkcs11 0.26.0-1

Error with ECDSA key selected by label

$ LIB=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
$ OPENSSL_CONF=''

$ softhsm2-util --init-token --free --label test --pin 0000 --so-pin 1234

Slot 0 has a free/uninitialized token.
The token has been initialized and is reassigned to slot 1593542882

$ pkcs11-tool --module $LIB --token-label test --login --pin 0000 --keypairgen --key-type EC:prime256v1 --usage-sign --label a

Key pair generated:
Private Key Object; EC
  label:      a
  Usage:      decrypt, sign, signRecover, unwrap
  Access:     sensitive, always sensitive, never extractable, local
  uri:        pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0907bfef807ea907;token=test;object=a;type=private
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104d7ea71c30b6a33ce6565a1dbe76b1fed48190a6e22da3e93fa53cc4d8e91335a8f05ae4ff18db8294b8006b841b01352b56c647f7a6c765f536b30b16bb344b8
  EC_PARAMS:  06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
  label:      a
  Usage:      encrypt, verify, verifyRecover, wrap
  Access:     local
  uri:        pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0907bfef807ea907;token=test;object=a;type=public

$ pkcs11-tool --module $LIB --token-label test --login --pin 0000 --keypairgen --key-type EC:prime256v1 --usage-sign --label b

Key pair generated:
Private Key Object; EC
  label:      b
  Usage:      decrypt, sign, signRecover, unwrap
  Access:     sensitive, always sensitive, never extractable, local
  uri:        pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0907bfef807ea907;token=test;object=b;type=private
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104d1230a0c45bbc6b781e3b0f3a44497833b25548a9fdbe40624e6698cd0023f7632bb6c4339f3b41d1bd4760e377850bc3e2b6a44eb2200c1ed8ee58161d87a82
  EC_PARAMS:  06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
  label:      b
  Usage:      encrypt, verify, verifyRecover, wrap
  Access:     local
  uri:        pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0907bfef807ea907;token=test;object=b;type=public

Create and verify CSR

$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=a" -out a.csr -key "pkcs11:token=test;pin-value=0000;object=a"

Engine "pkcs11" set.

$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=b" -out b.csr -key "pkcs11:token=test;pin-value=0000;object=b"

Engine "pkcs11" set.

$ openssl req -noout -verify -in a.csr 

Certificate request self-signature verify OK

$ openssl req -noout -verify -in b.csr 

Warning: CSR self-signature does not match the contents
Certificate request self-signature verify failure
40270299F77F0000:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:../crypto/asn1/a_verify.c:218:
40270299F77F0000:error:06880006:asn1 encoding routines:ASN1_item_verify_ctx:EVP lib:../crypto/asn1/a_verify.c:218:

If key b is created before key a, b.csr is ok and a.csr is wrong.

There is no issue with RSA:2048 keys.

ASN.1 analysis

$ openssl asn1parse -i -in a.csr -dump

    0:d=0  hl=3 l= 199 cons: SEQUENCE          
    3:d=1  hl=2 l= 110 cons:  SEQUENCE          
    5:d=2  hl=2 l=   1 prim:   INTEGER           :00
    8:d=2  hl=2 l=  12 cons:   SEQUENCE          
   10:d=3  hl=2 l=  10 cons:    SET               
   12:d=4  hl=2 l=   8 cons:     SEQUENCE          
   14:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
   19:d=5  hl=2 l=   1 prim:      UTF8STRING        :a
   22:d=2  hl=2 l=  89 cons:   SEQUENCE          
   24:d=3  hl=2 l=  19 cons:    SEQUENCE          
   26:d=4  hl=2 l=   7 prim:     OBJECT            :id-ecPublicKey
   35:d=4  hl=2 l=   8 prim:     OBJECT            :prime256v1
   45:d=3  hl=2 l=  66 prim:    BIT STRING        
      0000 - 00 04 d7 ea 71 c3 0b 6a-33 ce 65 65 a1 db e7 6b   ....q..j3.ee...k
      0010 - 1f ed 48 19 0a 6e 22 da-3e 93 fa 53 cc 4d 8e 91   ..H..n".>..S.M..
      0020 - 33 5a 8f 05 ae 4f f1 8d-b8 29 4b 80 06 b8 41 b0   3Z...O...)K...A.
      0030 - 13 52 b5 6c 64 7f 7a 6c-76 5f 53 6b 30 b1 6b b3   .R.ld.zlv_Sk0.k.
      0040 - 44 b8                                             D.
  113:d=2  hl=2 l=   0 cons:   cont [ 0 ]        
  115:d=1  hl=2 l=  10 cons:  SEQUENCE          
  117:d=2  hl=2 l=   8 prim:   OBJECT            :ecdsa-with-SHA256
  127:d=1  hl=2 l=  73 prim:  BIT STRING        
      0000 - 00 30 46 02 21 00 bc 25-77 10 b1 13 9f d7 97 23   .0F.!..%w......#
      0010 - 1f 28 74 e5 05 9e af 57-60 39 59 fe 91 ed d8 48   .(t....W`9Y....H
      0020 - e2 60 89 61 7d 10 02 21-00 f3 d1 cd da fa 33 ab   .`.a}..!......3.
      0030 - 8f d8 03 2d 09 67 9d 17-bb a1 4a 7d 30 29 85 a4   ...-.g....J}0)..
      0040 - 23 d4 76 07 d2 09 5c 36-39                        #.v...\69

$ openssl asn1parse -i -in b.csr -dump

    0:d=0  hl=3 l= 198 cons: SEQUENCE          
    3:d=1  hl=2 l= 110 cons:  SEQUENCE          
    5:d=2  hl=2 l=   1 prim:   INTEGER           :00
    8:d=2  hl=2 l=  12 cons:   SEQUENCE          
   10:d=3  hl=2 l=  10 cons:    SET               
   12:d=4  hl=2 l=   8 cons:     SEQUENCE          
   14:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
   19:d=5  hl=2 l=   1 prim:      UTF8STRING        :b
   22:d=2  hl=2 l=  89 cons:   SEQUENCE          
   24:d=3  hl=2 l=  19 cons:    SEQUENCE          
   26:d=4  hl=2 l=   7 prim:     OBJECT            :id-ecPublicKey
   35:d=4  hl=2 l=   8 prim:     OBJECT            :prime256v1
   45:d=3  hl=2 l=  66 prim:    BIT STRING        
      0000 - 00 04 d7 ea 71 c3 0b 6a-33 ce 65 65 a1 db e7 6b   ....q..j3.ee...k
      0010 - 1f ed 48 19 0a 6e 22 da-3e 93 fa 53 cc 4d 8e 91   ..H..n".>..S.M..
      0020 - 33 5a 8f 05 ae 4f f1 8d-b8 29 4b 80 06 b8 41 b0   3Z...O...)K...A.
      0030 - 13 52 b5 6c 64 7f 7a 6c-76 5f 53 6b 30 b1 6b b3   .R.ld.zlv_Sk0.k.
      0040 - 44 b8                                             D.
  113:d=2  hl=2 l=   0 cons:   cont [ 0 ]        
  115:d=1  hl=2 l=  10 cons:  SEQUENCE          
  117:d=2  hl=2 l=   8 prim:   OBJECT            :ecdsa-with-SHA256
  127:d=1  hl=2 l=  72 prim:  BIT STRING        
      0000 - 00 30 45 02 20 0d 64 3c-31 58 d0 f3 c7 e5 15 6b   .0E. .d<1X.....k
      0010 - aa e2 4d 52 f7 2c 58 a2-ef 3c 42 4c aa b0 11 df   ..MR.,X..<BL....
      0020 - e8 a9 c7 fa c4 02 21 00-98 8e af be 12 94 ab ca   ......!.........
      0030 - 06 c6 e0 43 20 98 df 92-e4 93 cf a3 8c b5 b4 86   ...C ...........
      0040 - 7e d8 3a 7d 3a 95 f7 e3-                          ~.:}:...

As I understand it, b.csr includes public key a.

OK when ECDSA key selected by ID

Creating and selecting keys with id (token reset)

$ pkcs11-tool --module $LIB --token-label test --login --pin 0000 --keypairgen --key-type EC:prime256v1 --usage-sign --label a --id 01
$ pkcs11-tool --module $LIB --token-label test --login --pin 0000 --keypairgen --key-type EC:prime256v1 --usage-sign --label b --id 02
$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=a" -out 01.csr -key "pkcs11:token=test;pin-value=0000;id=%01"
$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=b" -out 02.csr -key "pkcs11:token=test;pin-value=0000;id=%02"
$ openssl req -noout -verify -in 01.csr
$ openssl req -noout -verify -in 02.csr

01.csr and 02.csr are OK.

Stranger: OK when creating keys with ID and selecting them with label

$ pkcs11-tool --module $LIB --token-label test --login --pin 0000 --keypairgen --key-type EC:prime256v1 --usage-sign --label a --id 01
$ pkcs11-tool --module $LIB --token-label test --login --pin 0000 --keypairgen --key-type EC:prime256v1 --usage-sign --label b --id 02
$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=a" -out 01.csr -key "pkcs11:token=test;pin-value=0000;object=a"
$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=b" -out 02.csr -key "pkcs11:token=test;pin-value=0000;object=b"
$ openssl req -noout -verify -in 01.csr
$ openssl req -noout -verify -in 02.csr

01.csr and 02.csr are also OK.
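A structural cross-check for the CSRs above, added here as an example and not taken from the issue, libp11 or OpenSC: it walks the CSR's DER down to the SubjectPublicKeyInfo and compares the embedded EC point with the CKA_EC_POINT that pkcs11-tool printed for the same label, which exposes the key mix-up without needing to verify the signature at all. The two CSRs are rebuilt byte for byte from the asn1parse dumps in the issue (subject, SPKI, signature bytes) and are labelled as reconstructed; the function names are mine and only the standard library is used.

```python
"""Cross-check a CSR's embedded public key against the token's CKA_EC_POINT.

Constructed example: A_CSR and B_CSR are rebuilt from the asn1parse dumps in
the issue; EC_POINT_A/B are the CKA_EC_POINT values pkcs11-tool printed.
"""

# DER-encoded OIDs (tag and length included) used by the CSRs in the issue
OID_COMMON_NAME = bytes.fromhex("0603550403")                   # 2.5.4.3
OID_ID_EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")      # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("06082a8648ce3d030107")          # 1.2.840.10045.3.1.7
OID_ECDSA_WITH_SHA256 = bytes.fromhex("06082a8648ce3d040302")   # 1.2.840.10045.4.3.2

# CKA_EC_POINT as pkcs11-tool prints it: OCTET STRING (04 41) wrapping the 65-byte point
EC_POINT_A = ("044104"
              "d7ea71c30b6a33ce6565a1dbe76b1fed48190a6e22da3e93fa53cc4d8e91335a"
              "8f05ae4ff18db8294b8006b841b01352b56c647f7a6c765f536b30b16bb344b8")
EC_POINT_B = ("044104"
              "d1230a0c45bbc6b781e3b0f3a44497833b25548a9fdbe40624e6698cd0023f76"
              "32bb6c4339f3b41d1bd4760e377850bc3e2b6a44eb2200c1ed8ee58161d87a82")

# ECDSA signatures (DER SEQUENCE of r, s) copied from the asn1parse dumps of a.csr and b.csr
SIG_A = ("3046"
         "022100" "bc257710b1139fd797231f2874e5059eaf57603959fe91edd848e26089617d10"
         "022100" "f3d1cddafa33ab8fd8032d09679d17bba14a7d302985a423d47607d2095c3639")
SIG_B = ("3045"
         "0220" "0d643c3158d0f3c7e5156baae24d52f72c58a2ef3c424caab011dfe8a9c7fac4"
         "022100" "988eafbe1294abca06c6e0432098df92e493cfa38cb5b4867ed83a7d3a95f7e3")


def read_tlv(buf, pos=0):
    """Decode one DER TLV at buf[pos]; returns (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def der(tag, body):
    """Encode a DER TLV; lengths below 256 are all these CSRs need."""
    n = len(body)
    header = bytes([tag, n]) if n < 0x80 else bytes([tag, 0x81, n])
    return header + body


def cka_ec_point_to_raw(hex_point):
    """Strip the OCTET STRING wrapper so the value is comparable to the SPKI BIT STRING content."""
    tag, point, _ = read_tlv(bytes.fromhex(hex_point))
    if tag != 0x04:
        raise ValueError("CKA_EC_POINT is not a DER OCTET STRING")
    return point


def csr_public_point(csr_der):
    """Walk CertificationRequest -> CertificationRequestInfo -> SubjectPublicKeyInfo; return the raw point."""
    _, cert_req, _ = read_tlv(csr_der)
    _, cri, _ = read_tlv(cert_req)
    _, _, pos = read_tlv(cri)             # version INTEGER
    _, _, pos = read_tlv(cri, pos)        # subject Name
    _, spki, _ = read_tlv(cri, pos)       # SubjectPublicKeyInfo
    _, alg, pos = read_tlv(spki)          # AlgorithmIdentifier
    _, oid, _ = read_tlv(alg)
    if oid != OID_ID_EC_PUBLIC_KEY[2:]:
        raise ValueError("not an id-ecPublicKey SPKI")
    tag, bits, _ = read_tlv(spki, pos)    # BIT STRING; first byte is the unused-bits count
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    return bits[1:]


def spki_matches_token(csr_der, cka_ec_point_hex):
    """True when the CSR carries exactly the public key the token reports for that label."""
    return csr_public_point(csr_der) == cka_ec_point_to_raw(cka_ec_point_hex)


def build_csr(common_name, raw_point, signature_der):
    """Rebuild a prime256v1 CSR with the layout asn1parse showed: version 0, CN only, no attributes."""
    subject = der(0x30, der(0x31, der(0x30, OID_COMMON_NAME + der(0x0C, common_name.encode()))))
    spki = der(0x30, der(0x30, OID_ID_EC_PUBLIC_KEY + OID_PRIME256V1) + der(0x03, b"\x00" + raw_point))
    info = der(0x30, der(0x02, b"\x00") + subject + spki + der(0xA0, b""))
    return der(0x30, info + der(0x30, OID_ECDSA_WITH_SHA256) + der(0x03, b"\x00" + signature_der))


# Reconstructed from the dumps: a.csr carries point a, and b.csr also carries point a
A_CSR = build_csr("a", cka_ec_point_to_raw(EC_POINT_A), bytes.fromhex(SIG_A))
B_CSR = build_csr("b", cka_ec_point_to_raw(EC_POINT_A), bytes.fromhex(SIG_B))

if __name__ == "__main__":
    for name, csr, expected in (("a.csr", A_CSR, EC_POINT_A), ("b.csr", B_CSR, EC_POINT_B)):
        verdict = "matches" if spki_matches_token(csr, expected) else "MISMATCH"
        print(f"{name}: embedded public key {verdict} the token's CKA_EC_POINT for that label")
```

Run it as-is to see b.csr flagged; for a real CSR, read the DER file (or convert PEM with `openssl req -outform DER`) into `csr_public_point` and paste the EC_POINT line from `pkcs11-tool --list-objects` into `spki_matches_token`. The rebuilt lengths come out to 202 and 201 bytes, matching the `hl=3 l=199` and `hl=3 l=198` headers in the dumps.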

@dengert
Member

dengert commented Feb 1, 2025

I now think the error is related to not defining a unique CKA_ID for each key.

With PKCS11, for CKA_KEY_TYPE=CKK_ECC keys, the private key (CKA_CLASS=CKO_PRIVATE_KEY) does not contain the public key; the public key (CKA_CLASS=CKO_PUBLIC_KEY) has the CKA_EC_POINT.

In the following spy log of openssl req for key 1
pkcs11.spy.log

18: C_FindObjectsInit requests the CKO_PRIVATE_KEY with the label key 1.
It then gets a few attributes of the key, including CKA_ID, which returns 0.

30: C_GetAttributeValue gets the CKA_EC_PARAMS, i.e. the curveName OID.
31: C_GetAttributeValue tries to get the CKA_EC_POINT, which is invalid.
32: C_FindObjectsInit then starts the search for the CKO_PUBLIC_KEY, but it does not add the label in the C_FindObjectsInit.
It then goes on to get the CKA_LABEL and CKA_EC_POINT.

Your setup and mine might be different, but I suspect that because it did not search for the label, on the second CSR it would have found the first CKO_PUBLIC_KEY.

The tests with RSA should find the public key, because both the private and public keys have the public key, so no need
to search for the CKO_PUBLIC_KEY.

In mine the second CSR gets a different error because it will not try a pin against multiple tokens, as tokens usually have different pins and may lock it out.

PKCS#11: Initializing the engine: /opt/ossl-3.4.0/lib/pkcs11-spy.so
Found 3 slots
Looking in slots for private key without login: label=key2
- [501068898] SoftHSM slot ID 0x1dddb46  login                                 (test)
- [1843908680] SoftHSM slot ID 0x6de7d04  login                                 (test)
- [2] SoftHSM slot ID 0x2        uninitialized, login                  (no label)
Found slot:  SoftHSM slot ID 0x1dddb462
Found token: test
Found slot:  SoftHSM slot ID 0x6de7d048
Found token: test
Looking in slots for private key with login: label=key2
- [501068898] SoftHSM slot ID 0x1dddb46  login                                 (test)
- [1843908680] SoftHSM slot ID 0x6de7d04  login                                 (test)
- [2] SoftHSM slot ID 0x2        uninitialized, login                  (no label)
Multiple matching slots (2); will not try to login
- [1] SoftHSM slot ID 0x1dddb462: test
- [2] SoftHSM slot ID 0x6de7d048: test
The private key was not found at: pkcs11:token=test;pin-value=0000;object=key2
PKCS11_get_private_key returned NULL

@benoiton
Author

benoiton commented Feb 2, 2025

Sorry, the explanation is beyond my understanding.

For information, I forgot to mention it does work with Nitrokey HSM (v1).

@dengert
Member

dengert commented Feb 3, 2025

Sorry, the explanation is beyond my understanding.

OK, here are some docs that may help.
OASIS has versions 2.4, 3.0 and 3.1. These come in base (common stuff) and curr (mechanism specific stuff).
2.4 and 3.0 can be found here, and the EC is about the same in both versions.
https://docs.oasis-open.org/pkcs11/pkcs11-base/
https://docs.oasis-open.org/pkcs11/pkcs11-curr/

https://datatracker.ietf.org/doc/html/rfc7512
"The URI scheme is based on how PKCS #11 objects, tokens, slots, and libraries are identified in 'PKCS #11 v2.20: Cryptographic Token Interface Standard'." It is designed to make it easier to find an object like a key in a token among many tokens.

A "library" is usually a "module".

I am familiar with NitroKey with OpenPGP, but not with their HSM.

What is the URI used in the openssl csr command for the NitroKey?

It looks like the distros also use p11-kit which loads multiple PKCS11 modules from /usr/share/p11-kit/modules
In my XUbuntu-24.04 it has: gnome-keyring.module opensc-pkcs11.module p11-kit-trust.module softhsm2.module tpm2_pkcs11.module. So in your case NitroKey may be using the opensc-pkcs11.module.

@benoiton
Author

benoiton commented Feb 3, 2025

I do confirm Nitrokey uses opensc-pkcs11 (/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so).

Key is created by pkcs11-tool --module $LIB --login --keypairgen --key-type EC:prime256v1 --usage-sign --label $NAME

URI in openssl.cnf (for openssl req) is pkcs11:serial=XXXX;object=$NAME

@dengert
Member

dengert commented Feb 3, 2025

The serial= will help find the correct token from all the pkcs11 modules that are loaded by p11-kit

But pkcs11:serial=XXXX;object=$NAME in openssl.cnf does not look right. (Did you mean openssl.conf?)
And in your original you had OPENSSL_CONF='', which I think will cause a command that uses an openssl.conf to use the default openssl.conf.

https://docs.openssl.org/3.4/man5/config/ describes the config file. The distro may have added entries for how to load an engine.
Can you print out the default openssl.conf? Or the one you modified?

The URI is meant to be from the command line of the -key parameter https://docs.openssl.org/3.4/man1/openssl-req/

With the original problem, you were using -engine pkcs11 -keyform engine -key pkcs11:token=test;pin-value=0000;object=a
which tells OpenSSL to look for engine named pkcs11 in the lib/engines-3/ directory and pass in whatever followed the <engine>:
which is token=test;pin-value=0000;object=a

So I still don't know what is failing now when you use the softhsm2 pkcs11 module.

The URI and PKCS11 are split into two parts: one that finds a token (or tokens), then the attributes needed to find whatever you are looking for and return just one.

I have been working with a script that starts with softhsm2-util --delete-token --token test because I found you could have multiple "tokens" with the same label.

@dengert
Member

dengert commented Feb 3, 2025

PKCS11 says: "The CKA_ID attribute is intended as a means of distinguishing multiple public-key/private-key pairs held by the same subject (whether stored in the same token or not)."

But some tokens or applets on the token do not have a way to store a "label" or arbitrary data that could be used for a CKA_ID, but do have a way to have multiple keys and certificates. OpenPGP forces the use of 1, 2, 3 which are used for the CKA_ID.

And as I said before, EC keys sometimes need to find the public key from the private key, and the CKA_ID is expected to be there even though PKCS11 goes on to say: "(Since the keys are distinguished by subject name as well as identifier, it is possible that keys for different subjects may have the same CKA_ID value without introducing any ambiguity.)"

Most smart cards have limitations which make it impossible to fully comply with PKCS11.
I suggest you add CKA_ID to certs, public keys and private keys unique at least to the token, and do not depend on the object label alone.

@benoiton
Author

benoiton commented Feb 3, 2025

I'm sorry, I responded too rapidly and I mixed environments. I use openssl.conf in my project, whereas I simplified the environment to pin my issue here.

Test with my NitroKey HSMv1:

$ LIB=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

$ OPENSSL_CONF=''

$ pkcs11-tool --module $LIB --login --keypairgen --key-type EC:prime256v1 --usage-sign --label a

Using slot 0 with a present token (0x0)
Logging in to "SmartCard-HSM".
Please enter User PIN: 
Key pair generated:
Private Key Object; EC
  label:      a
  ID:         8b2f13c6b7b7ddbefaeabf6d70f004047cac9c9d
  Usage:      sign, signRecover
  Access:     sensitive, always sensitive, never extractable, local
  uri:        pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=ABCD1234567;token=SmartCard-HSM;id=%8b2f13c6b7b7ddbefaeabf6d70f004047cac9c9d;object=a;type=private
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   044104ac133154846bd6eda2ac46fa2315cda0c406558c04c6773e668f73ea3bf97624b9eb5be21bece31bda79f822aa77d7fa566cafac425fb5486a120ea2a1a2b2af
  EC_PARAMS:  06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
  label:      a
  ID:         8b2f13c6b7b7ddbefaeabf6d70f004047cac9c9d
  Usage:      verify, verifyRecover
  Access:     none
  uri:        pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=ABCD1234567;token=SmartCard-HSM;id=%8b2f13c6b7b7ddbefaeabf6d70f004047cac9c9d;object=a;type=public

$ pkcs11-tool --module $LIB --login --keypairgen --key-type EC:prime256v1 --usage-sign --label b

Using slot 0 with a present token (0x0)
Logging in to "SmartCard-HSM".
Please enter User PIN: 
Key pair generated:
Private Key Object; EC
  label:      b
  ID:         ce855e7a5b038d541c10489972dbfc293833e7a4
  Usage:      sign, signRecover
  Access:     sensitive, always sensitive, never extractable, local
  uri:        pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=ABCD1234567;token=SmartCard-HSM;id=%ce855e7a5b038d541c10489972dbfc293833e7a4;object=b;type=private
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   0441041b9442ba7195941abb2c4f231f82cd6e3390a1b25717d8437f9ebaaf43277cc1c057e5509a8336fa8dd86b4e5101e8a9596633bdf327e4f976c406855140ec86
  EC_PARAMS:  06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
  label:      b
  ID:         ce855e7a5b038d541c10489972dbfc293833e7a4
  Usage:      verify, verifyRecover
  Access:     none
  uri:        pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=ABCD1234567;token=SmartCard-HSM;id=%ce855e7a5b038d541c10489972dbfc293833e7a4;object=b;type=public

$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=a" -out a.csr -key "pkcs11:token=SmartCard-HSM;object=a"

Engine "pkcs11" set.
Enter PKCS#11 token PIN for SmartCard-HSM:

$ openssl req -engine pkcs11 -keyform engine -new -subj "/CN=b" -out b.csr -key "pkcs11:token=SmartCard-HSM;object=b"

Engine "pkcs11" set.
Enter PKCS#11 token PIN for SmartCard-HSM:

$ openssl req -noout -verify -in a.csr

Certificate request self-signature verify OK

$ openssl req -noout -verify -in b.csr

Certificate request self-signature verify OK

@benoiton
Author

benoiton commented Feb 3, 2025

And I do confirm I purged SoftHSM tokens before each test.

@dengert
Member

dengert commented Feb 3, 2025

See: OpenSC/OpenSC#3326, which fixes pkcs11-tool to format URI id= correctly when listing objects.

pkcs11-tool expects --id when creating key or cert to be hex digests.

Here is a script I have been using with OpenSSL (3.4.0), libp11 (master) and OpenSC (master) built from github. p11-kit is not used, and softhsm2 is from Ubuntu 24.04 (2.6.1-2.2ubuntu3). SPY is used between libp11 and softhsm2 for both openssl req commands, and in the URI "id=" is added and is "%" escaped using both upper and lowercase.

test.softhsm2.sh.txt

@benoiton
Author

benoiton commented Feb 4, 2025

On my laptop (Debian stable/testing):

  • openssl 3.4.0-2
  • libengine-pkcs11-openssl:amd64 0.4.12-0.1
  • opensc 0.26.0-1
  • opensc-pkcs11 0.26.0-1

I modified openssl and pkcs11-spy.so paths in the script to get them from system.

  1. Your script unchanged => ok
  2. Your script with id= replaced by object= at key usage => ok
  3. Your script with --id removed at key creation and id= replaced by object= at key usage => KO

Do you reproduce the issue?

Do you need my spy logs?

@dengert
Member

dengert commented Feb 4, 2025

All of this is showing:

  1. PKCS11 treats a private key and public key as two separate objects. OpenSSL treats a key as having two components, public and maybe private, or a reference to an engine that can use the private key.
  2. softhsm2 can have many key pairs on a token and can match them via the CKA_LABEL label and/or CKA_ID.
  3. libp11 internally finds a private key (and for EC keys looks for the public key on the same token by using only the CKA_ID). Thus the private key, public key and cert will eventually need matching CKA_ID.
  4. Different smart cards and tokens force the CKA_ID to specific values, whereas others and softhsm do not and thus default the CKA_ID = 0.
  5. CKA_ID is an octet_string (unsigned char[]) and when read or written needs to use hex digits.
  6. pkcs11-tool just expects a string of hex digits.
  7. RFC 7412 uses "%" escaping for unprintable characters.
  8. pkcs11-tool --list-objects when printing a URI does not escape the CKA_ID i.e. id= correctly.
  9. When PKCS11 finds objects using C_FindObjectsInit, it does this within a session which only looks at one token, where the slot and token have already been found.
  10. RFC 7412 URI provides a way to provide all the info to find an object on any token accessible via PKCS11.

So there are some assumptions and bugs in the above, but there are easy workarounds. When using a URI to use a single object, you need to provide enough info to only select one token, and then provide enough info to only find the one object on the token.

Your script unchanged => ok
Your script with id= replaced by object= at key usage => ok

Works because the softhsm keys were created with a CKA_ID so (2.) and (4.) have a non default CKA_ID

Your script with --id remove at key creation and id= replaced by object= at key usage => KO

This will fail because (4.) the default CKA_ID with softhsm is 0 for every object and (2.) libp11 will use the CKA_ID and find the first public key (needed because EC is being used) with that CKA_ID on the token (9.).

In my script I had only one softhsm token, but softhsm can have many tokens and I was not using p11-kit.
So the URI I used should have followed (10.) because p11-kit could also be looking at TPM and keyring or any token I had plugged in.
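To make points 3, 4, 7, 8 and 9 of that list concrete, here is a small model written for this page; it is not code from libp11, OpenSC or anyone in the thread. It parses a PKCS#11 URI into token-selecting and object-selecting attributes, insists on exactly one matching token before looking at objects (the "Multiple matching slots" refusal in the spy output), finds the private key by object= and/or id=, and then, as libp11 is described as doing for EC keys, looks up the public key by CKA_ID alone. It also shows the three spellings of a CKA_ID that the thread juggles: raw octets, the hex digits pkcs11-tool --id takes, and the %-escaped id= component, including what a half-escaped id= like the one pkcs11-tool printed actually decodes to. The tokens and objects are constructed in-memory dictionaries (the softhsm serial is the issue's, the second serial is made up), an absent CKA_ID is modelled as an empty octet string, which is an assumption about what "0" means above, and all function names are mine.

```python
"""Model of the two-stage PKCS#11 URI lookup discussed in the thread.

Constructed example: tokens and objects are plain dictionaries, not a PKCS#11
module, and the lookup order is a simplification of what is described above.
"""
from urllib.parse import unquote_to_bytes

# RFC 7512 attributes that select a token versus those that select an object on it
TOKEN_ATTRS = {"token", "serial", "manufacturer", "model", "slot-id"}
OBJECT_ATTRS = {"object", "id", "type"}
DEFAULT_ID = b""   # assumption: a key created without --id carries an empty CKA_ID


def cka_id_to_uri(cka_id: bytes) -> str:
    """Escape every byte as %XX; RFC 7512 permits escaping any byte of id=."""
    return "".join(f"%{b:02X}" for b in cka_id)


def uri_id_to_cka_id(value: str) -> bytes:
    """Decode id=: each %XX (either case) is one byte, bare characters are literal bytes."""
    return unquote_to_bytes(value)


def pkcs11_tool_id(cka_id: bytes) -> str:
    """The form pkcs11-tool --id expects at key creation: plain hex digits."""
    return cka_id.hex()


def parse_uri(uri: str) -> dict:
    """Split 'pkcs11:k=v;k=v' into a dict; pin-value and other extras are kept but unused here."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI")
    attrs = {}
    for part in uri[len("pkcs11:"):].split(";"):
        if part:
            key, _, value = part.partition("=")
            attrs[key] = value
    return attrs


def select_token(tokens, attrs):
    """Stage 1: the token attributes must match exactly one token (no PIN is tried against several)."""
    wanted = {k: v for k, v in attrs.items() if k in TOKEN_ATTRS}
    hits = [t for t in tokens if all(t.get(k) == v for k, v in wanted.items())]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} matching tokens for {wanted}; need exactly one")
    return hits[0]


def find_objects(token, cls, label=None, cka_id=None):
    """Stage 2: like C_FindObjectsInit in one session, only the attributes given are matched."""
    return [o for o in token["objects"]
            if o["class"] == cls
            and (label is None or o["label"] == label)
            and (cka_id is None or o["id"] == cka_id)]


def resolve_ec_key_pair(tokens, uri):
    """Private key by object= and/or id=, then the public key by the private key's CKA_ID only."""
    attrs = parse_uri(uri)
    token = select_token(tokens, attrs)
    cka_id = uri_id_to_cka_id(attrs["id"]) if "id" in attrs else None
    privs = find_objects(token, "private", attrs.get("object"), cka_id)
    if len(privs) != 1:
        raise LookupError(f"{len(privs)} private keys match {uri}")
    priv = privs[0]
    pubs = find_objects(token, "public", cka_id=priv["id"])   # label deliberately not used
    if not pubs:
        raise LookupError("no public key with the private key's CKA_ID")
    return priv, pubs[0]    # first hit wins: the failure mode when CKA_IDs collide


def lookup_report(tokens, uri):
    """One-line verdict for a URI against a set of tokens."""
    try:
        priv, pub = resolve_ec_key_pair(tokens, uri)
    except LookupError as err:
        return f"error: {err}"
    state = "consistent" if priv["label"] == pub["label"] else "MISMATCH"
    return f"private={priv['label']} public={pub['label']} {state}"


def make_token(label, serial, ids):
    """Build a token holding one EC key pair per entry of ids (key label -> CKA_ID)."""
    objects = []
    for key_label, cka_id in ids.items():
        objects.append({"class": "private", "label": key_label, "id": cka_id})
        objects.append({"class": "public", "label": key_label, "id": cka_id})
    return {"token": label, "serial": serial, "objects": objects}


# Constructed tokens: the first mirrors the issue's softhsm token (keys made without --id),
# the second has --id 01 / --id 02 keys and a made-up serial
TOKEN_NO_IDS = make_token("test", "0907bfef807ea907", {"a": DEFAULT_ID, "b": DEFAULT_ID})
TOKEN_WITH_IDS = make_token("test", "0000000000000001", {"a": b"\x01", "b": b"\x02"})

if __name__ == "__main__":
    print(lookup_report([TOKEN_NO_IDS], "pkcs11:token=test;object=b"))
    print(lookup_report([TOKEN_WITH_IDS], "pkcs11:token=test;object=b"))
    print(lookup_report([TOKEN_NO_IDS, TOKEN_WITH_IDS], "pkcs11:token=test;object=a"))
    print(lookup_report([TOKEN_NO_IDS, TOKEN_WITH_IDS], "pkcs11:serial=0000000000000001;id=%02"))
```

The first call reproduces the issue: object=b selects private key b, but the public-key search by CKA_ID returns a's public key because both pairs share the empty default. The third call reproduces the "Multiple matching slots" refusal when two tokens carry the label test, and the fourth shows serial= plus id= selecting one token and one object unambiguously. Decoding the NitroKey URI exactly as pkcs11-tool printed it, `id=%8b2f13c6...`, yields 39 bytes rather than the 20-byte CKA_ID, which is the escaping defect OpenSC/OpenSC#3326 addresses; `cka_id_to_uri` escapes every byte so the round trip is exact.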
