Creation of Certificate Sign Requests Fails if Key Pin Policy is Set to Once or Always in Combination with Attestation

Question

Creation of Certificate Sign Requests Fails if Key Pin Policy is Set to Once or Always in Combination with Attestation

tillmann-crabnebula opened this issue 2 years ago · 4 comments

tillmann-crabnebula commented 2 years ago

Used version: yubico-piv-tool --version yubico-piv-tool 2.3.1

Reproduction commands:

Create key on device
yubico-piv-tool --slot 9c --pin 123456 --action verify-pin,generate --pin-policy always --touch-policy never
Create signing request for generated key
yubico-piv-tool --slot 9c --pin 123456 --action verify-pin,request-certificate --attestation --output 9c.csr --subject "/CN=Example/OU=example/O=example@example.com/"
Observe output

Successfully verified PIN.
Failed signing data: Authentication error.
Failed signing request.
C0EBAFB7917F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:../crypto/asn1/a_sign.c:284:

I saw similar issues mentioning this behavior #383 and some recent changes ubuntu tracker 1988833 ubuntu tracker 1993908 but the issue persists for me.

The above example works once the --pin-policy is set to never or the --attestation flag is removed.

Raw output:

DBG ykpiv.c:589 (ykpiv_connect): Connect reader 'Yubico YubiKey FIDO+CCID 00 00' matching 'Yubikey'.
DBG ykpiv.c:595 (ykpiv_connect): SCardConnect succeeded for 'Yubico YubiKey FIDO+CCID 00 00', protocol=2
DBG ykpiv.c:795 (_ykpiv_transmit): > 00a4040005a00000030800 (11)
DBG ykpiv.c:802 (_ykpiv_transmit): < 61114f0600001000010079074f05a0000003089000 (21)
DBG ykpiv.c:748 (ykpiv_translate_sw): SW_SUCCESS
DBG ykpiv.c:795 (_ykpiv_transmit): > 0020008000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 63c3 (2)
DBG ykpiv.c:775 (ykpiv_translate_sw): SW_63c3
DBG ykpiv.c:795 (_ykpiv_transmit): > 00fd000000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 0504039000 (5)
DBG ykpiv.c:748 (ykpiv_translate_sw): SW_SUCCESS
DBG ykpiv.c:795 (_ykpiv_transmit): > 00f8000000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 011d235e9000 (6)
DBG ykpiv.c:748 (ykpiv_translate_sw): SW_SUCCESS
Now processing for action 'verify-pin'.
Action 'verify-pin' does not need authentication.
DBG ykpiv.c:795 (_ykpiv_transmit): > 0020008008313233343536ffff00 (14)
DBG ykpiv.c:802 (_ykpiv_transmit): < 9000 (2)
DBG ykpiv.c:748 (ykpiv_translate_sw): SW_SUCCESS
Successfully verified PIN.
Now processing for action 'request-certificate'.
Action 'request-certificate' does not need authentication.
DBG ykpiv.c:795 (_ykpiv_transmit): > 00f99c0000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 3082032030820208a003020102021001c9686403336502df36ac80f68378e0300d06092a864886f70d01010b05003021311f301d06035504030c1659756269636f20504956204174746573746174696f6e3020170d3136303331343030303030305a180f32303532303431373030303030305a30253123302106035504030c1a597562694b657920504956204174746573746174696f6e20396330820122300d06092a864886f70d01010105000382010f003082010a0282010100d43c74824d20644a0325f8e2a631418ca5cacc4b8f1bd354ff439e0e967d7e79fa5b6b093e76d0821811771c5ba0f3b13f0ea7a5ecdc9570064bdf9f004a09c6cf6a7971346100 (258)
DBG ykpiv.c:795 (_ykpiv_transmit): > 00c0000000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 343e7971d64eb91b3f1b135a532644664504479ae39c30b1acb1474074901a4f41dbb4137e92df13e6d12916fab0a63f54ceede43cbd0753bf71d461f9916e2a9ae55572cf6fe56b04781a78668b8d697a9fc41aa6f810a68e6f5fdd48700d0db5d715d114ad1edf2ecff56f47e4a365fc37570fb85d7196db1ee4de2b21a7061b314dbd6aa0a0646fcc3988b4cec3d34994e219dc9bde6d87e2413bcbb83a21496cf2807f7ba10817056e8e4bab330e7860804cd2a76ff3bbc5830203010001a34e304c3011060a2b0601040182c40a030304030504033014060a2b0601040182c40a030704060204011d235e3010060a2b0601040182c40a030804020301306100 (258)
DBG ykpiv.c:795 (_ykpiv_transmit): > 00c0000000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 0f060a2b0601040182c40a0309040103300d06092a864886f70d01010b05000382010100554362d01a1dc6d8e8d50ed382a76f365ea2c188c652225e1c03a645d6fd65129faa23d09eb9daeb2788482e0a52503ad07d41f2ddd9828064d38a99392198d2e6a4d30229573849e73f89e92e0eddcb3ac53691d959962feb231af5498b64dd3f847874968fd1194895501bcffc39211a2ceac3e8c25f9dd73375c90533dc16b19eb5aa29d33db06807ba9ebd60a5acd7974868433736362e6c9095ebbf853ad82bc116dfeee4c3d0a1272829f18bae6fae791b0f6e49a4945de26892d7969c73adc5adc8003197a79e3240d57d333e3746c50532768741b44862686124 (258)
DBG ykpiv.c:795 (_ykpiv_transmit): > 00c0000024 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < f8ee18cc962747c0dc2c3a38b63524d654eb659393487526b4278ed5e1f21a757a5f21569000 (38)
DBG ykpiv.c:748 (ykpiv_translate_sw): SW_SUCCESS
DBG ykpiv.c:795 (_ykpiv_transmit): > 00cb3fff055c035fff0100 (11)
DBG ykpiv.c:802 (_ykpiv_transmit): < 53820302708202fe308202fa308201e2a003020102020900e8c3dd799e433b62300d06092a864886f70d01010b0500302b3129302706035504030c2059756269636f2050495620526f6f742043412053657269616c203236333735313020170d3136303331343030303030305a180f32303532303431373030303030305a3021311f301d06035504030c1659756269636f20504956204174746573746174696f6e30820122300d06092a864886f70d01010105000382010f003082010a0282010100bd3d3e27f411eaca9c15528daabcec90506f7a9d966902b25f81cfed02cf3f6259366eb3108c7222d01f1f68845b8eb4ac392eaf564e995fe3ff717d6d476100 (258)
DBG ykpiv.c:795 (_ykpiv_transmit): > 00c0000000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 56b684a67e85b694b82eb01133d0580e4bcd69bf3ea171fdbe996f0a7a076f66a0db448d8e397777b6d7b40f8f096bc0f8c74e698f67cc5987bc7f962adc18ef9ece40b65572439501250b34cc558135d0cf3d362726dc36438667f2964c1c8457e054cba57f35180da1a791e96822d8655e93f85d5360cbae4dc60762cb8f1cafca132ebd552e14b76e68d3674ea58f5dd2602385edfbc090bc9e99fc2e3f8f36d06f8efdadecd4f5d9a4bc5c6ec90fd58b1a3abebe160f084add1de4c4dc27aef70203010001a32930273011060a2b0601040182c40a0303040305040330120603551d130101ff040830060101ff020100300d06092a864886f70d01010b056100 (258)
DBG ykpiv.c:795 (_ykpiv_transmit): > 00c0000000 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 0003820101005b86793d1d9a8db527aa81f55fc3261c26675dfb00f4cd04ab3411f857d24ab77fd8dfbbe518b36f616b06873fbef72adb1639480da142bab69bec363bbe03f51b01f5272d457dceb86c552a0414d12d321aa3175e9552353e7647208bf3ce3a8e6e343b79ee7b83f626d619e9347b8d6518a6e5452599ea86b5d5b0b43e0e24c4e3a60cc7ad66f50aa19ed084dd98d35dbdbf76c22b7cdeff07a1dff1f78474d168e67e1c0a3e2c179bf37e506c6bca5ebc71e52cc36cbd594c22c7148c47cb907329ba6b5dea9adb70cc69cb26b13575be6563b18fe5e3699325ac9abd012b1bdd07ee04c89820d8c1c54f01ada75058b8d9cbec6dac149d036106 (258)
DBG ykpiv.c:795 (_ykpiv_transmit): > 00c0000006 (5)
DBG ykpiv.c:802 (_ykpiv_transmit): < 352223f6983f9000 (8)
DBG ykpiv.c:748 (ykpiv_translate_sw): SW_SUCCESS
DBG ykpiv.c:795 (_ykpiv_transmit): > 1087079cff7c8201068200818201000001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003031300d0609608648016503040201050004204dd2a91a5273d3f4a5aa91265001ef8e973897832600 (261)
DBG ykpiv.c:802 (_ykpiv_transmit): < 9000 (2)
DBG ykpiv.c:795 (_ykpiv_transmit): > 0087079c0bf8b5948962db394dc679b200 (17)
DBG ykpiv.c:802 (_ykpiv_transmit): < 6982 (2)
DBG ykpiv.c:751 (ykpiv_translate_sw): SW_ERR_SECURITY_STATUS
DBG ykpiv.c:1249 (_general_authenticate): Sign command failed
Failed signing data: Authentication error.
Failed signing request.
C01B991E117F0000:error:06880006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:../crypto/asn1/a_sign.c:284:
DBG ykpiv.c:344 (ykpiv_disconnect): Disconnect card

Answer 1 · 2023-02-28T17:13:23.000Z

Yes this is a known issue, the problem is that the tool performs several operations against the device within a single action, hence pin cannot be verified directly before the signing operation, which is required by keys with the always-auth pin policy. There are two PRs implemented to solve this in two different ways, but a decision hasn't been made yet which one to commit to.

Answer 2 · 2023-03-01T10:38:50.000Z

Hey @qpernil thanks for the heads up!
I saw the PRs are around 2 years old, so I don't expect any merge soon. Any recommendation which branch we should use in the meantime?

I would assume #326 is the more simplistic change suited for our case, as it's only affecting the tool and not the library.

Answer 3 · 2023-03-01T12:52:11.000Z

Yes, that's the one most likely to be merged, or something similar.

Answer 4 · 2023-03-13T16:58:32.000Z

I just noticed one thing from the title of this issue - The problem should only manifest if the PIN policy is 'always', i.e. by default only slot 9c.