RSA with ISO/IEC 9796-2 scheme 2 in PKCS11

2

Is there a way to create RSA signature with ISO-9796 scheme 2 using PKCS11 interface? I know there is proper mechanism listed among definitions (or at least I think so): CKM_RSA_9796 0x00000002

But according to ISO Descrption schema 2 requires parameters (i.e salt and trailer), which seems to be conflicting with

6.1.11 ISO/IEC 9796 RSA The ISO/IEC 9796 RSA mechanism, denoted CKM_RSA_9796, is a mechanism for single-part signatures and verification with and without message recovery based on the RSA public-key cryptosystem and the block formats defined in ISO/IEC 9796 and its annex A.

This mechanism does not have a parameter.

I tried to create such signature with (PKCS11 exception is thrown) and without parameters (does not seem to be valid) using PKCS11Interop C# class and HSM simulator. Any help would be appreciated.

EDIT

Code I'm using:

using (Session session = slot[slotIndex].OpenSession(SessionType.ReadOnly))
                    {
                        session.Login(CKU.CKU_USER, callback.GetPassword());

                        List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
                        objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));

                        var prm = new Net.Pkcs11Interop.HighLevelAPI.MechanismParams.CkRsaPkcsPssParams(Convert.ToUInt32(CKM.CKM_SHA256), Convert.ToUInt32(CKG.CKG_MGF1_SHA256),Convert.ToUInt32(20));   
                        Mechanism mchanism = new Mechanism(CKM.CKM_RSA_9796,prm);
                        List<ObjectHandle> foundObjects = session.FindAllObjects(objectAttributes);
                        if (foundObjects != null && foundObjects.Count > 0)
                        {
                            signature = session.SignRecover(mchanism, foundObjects[0], result);
                        }
                        else
                        {
                            throw new DSException("There was a problem with reading private key from token");
                        }
                        session.Logout();
                    }

Exception I'm receiving:

Method C_SignRecoverInit returned CKR_MECHANISM_PARAM_INVALID

Thanks.

encryption
cryptography
rsa
digital-signature
pkcs#11
asked on Stack Overflow Nov 15, 2017 by lasjan • edited Nov 15, 2017 by lasjan

1 Answer

1

Yeah, so I finally figured this out, or at least I think so. Turns out that CKM_RSA_9796 mechanism implements old, not very safe RSA_9796 sign mechanism, which requires message to have length < k/2, where k is private key length. So this was something different that I was looking for. According to fgrieu user commenting on StackExchange:

https://crypto.stackexchange.com/questions/24294/how-do-signrecover-and-verifyrecover-work.

there is NO IMPLEMENTATION of ISO/IEC 9796-2 scheme 2 in PKCS11 at all. I was able to create signature by breaking this process into 2 sub-processes. First one creates MessageRepresentative (as presented in http://www.sarm.am/docs/ISO_IEC_9796-2_2002(E)-Character_PDF_document.pdf) and second one - creating signature using CKM.CKM_RSA_X_509 in PKCS#11 implementation (using MessageRepresentative as input). Hope this will help someone in future.

Thanks for everyone who commented my question.

answered on Stack Overflow Nov 17, 2017 by lasjan

User contributions licensed under CC BY-SA 3.0