-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
espsecure.py sign_data with hsm result in Payload Signing Failed (ESPTOOL-697) #889
Comments
Hello @rretanubun,
Probably we could also start off debugging by checking if we are able to generate a signature externally using the
Let me know if the above command works for you. |
Hello @Harshal5 huhu.bin is generated using
the pkcs11-tool command you shared seems to have error in the command line args? I was not able to execute it.
replacing the out of curiosity, what is the output of this command in your setup? for my NitroKey-HSM2 - FW-version-3.5 it looks like this: |
@rretanubun I have updated the command, could you check running it once?
|
@Harshal5 : Thanks for updating the command hints, I am able to run the command and this is the output for me:
|
@Harshal5: I'm a colleague of Richard's and wanted to ensure we're generating the key as you would expect. The command we used to generate was:
|
@Harshal5 : FYI - I also activated debug messages from OpenSC and checking in on the project on this post OpenSC/OpenSC#2802 |
Yes, I tried generating the key pair using the above command and I was successfully able to generate a signed binary image. I used SoftHSMv2 for verifying the workflow using the following steps: Initialize a new token
Generate the key pair
Create the hsm config file
Generate the signed image using
Following is my output for the above command:
|
@Harshal5: Looking at the error, it seems like it has to do with hashing. I looked into the script and adjusted it so that the hashing occurs on the machine and then only the signature portion occurs in the script. Please take a look at the commit master...mmbnetworks:esptool:nitrokey-hsm2-signing to see what I've changed. Does that approach make sense for now to deploy signed images in the short term using the HSM until we can determine where the underlying issue is around having the HSM perform the HASH + Signature. |
@mmb-davidsmith I am not sure if this would work as I fear due to this parameter it would re-hash the payload. Also if we do not pass that parameter, |
@Harshal5 - @rretanubun is in the process of testing on actual ESP32 hardware, but running an untouched version of the verification tool we're getting
an older version which doesn't even support the HSM gives:
My understanding from the pkcs11 library documentation is that by specifying Looking at the verify path: Lines 820 to 849 in f542148
The hash is being computed locally, and it's explicitly specifying the values for PSS padding which need to be used. Would that not indicate that if it validates, it's using the right parameters on the signing side given the parameters are explicitly specified in the validation function? |
Right, if the verification is successful then it validates the signing process. Also, before trying on the ESP32 hardware, you could also verify by emulating it using qemu for esp32. Here are some sets of instructions to use qemu: https://github.com/espressif/qemu/wiki. |
@Harshal5 : I am able to run @mmb-davidsmith modified version on actual ESP32 HW. I confirmed that both securre_boot_v2 and encrypted_ota image signing check is working. To Can you see if it works in your use case as well? |
If esptool verification works then I think that would confirm the image being correctly signed. |
I think we could close this issue as the issue seems more specific to NitroKey HSM's OpenSC. Also including the above patch would introduce a breaking change as initially we used to expect the image as payload but after the patch we would expect its hash as the payload. |
Closing the issue is ok. I don't agree with your assertion about this being a breaking change. The outcome from the call to the PKCS#11 driver is the same as the original code (in fact I didn't even change the call to |
@mmb-davidsmith There might be use cases where a user directly uses the |
@Harshal5 - I'm confused at the assertion that you're making. Can you walk me through the code path that would fail. As I understand (and use) my change, there is no change to the contract of The change to the Overall, I would think the desire of the tool would be to support signing with a variety of available HSMs. I'm not sure if SoftHSM would be acceptable to production customers as on the face it appears to bypasses the whole point of an HSM (ie, key is stored on physically secured hardware which makes private keys inaccessible). It seems like a good option to support for dev testing, but for production I would expect users to make use of hardware & cloud keys such as options from nitrokey, yubikey, thales, amazon, etc. As such, when issues with such hardware devices are required, they should be considered for inclusion. |
You are absolutely right and I completely agree with you. Our HSM signing feature is tested with following:
Of-course adding NitroKey to the this list is more than desired but I am still failing to understand the hash issue here. I would request that we evaluate this further before coming to any conclusion (especially the upstream issue you filed on OpenSC repo). |
@mmb-davidsmith Oh my bad, the above patch would not be a breaking change. Actually, I had tried such a local implementation for the same and it causes a breaking change. I somehow got confused between both implementations and thus I mentioned the breaking change here. |
There seems to be no update on OpenSC/OpenSC#2802. |
Closing this ticket, as it has been confirmed to be an upstream issue in this tracker: OpenSC/OpenSC#2802 It should get fixed in the next OpenSC release, please follow the related discussion there. |
Operating System
ubuntu 22.04
Esptool Version
4.6.1
Python Version
Python 3.10.6
Full Esptool Command Line that Was Run
python3 bin/espsecure.py sign_data --version 2 --hsm --hsm-config hsm-config.cfg --output huhu-signed.bin huhu.bin espsecure.py v4.6.1
Esptool Output
What is the Expected Behaviour?
sign_data and verify_image works with hsm
More Information
I see the error on
opensc
version0.22.0-1ubuntu2
-- I updated to version0.23.0-0.1ubuntu1
same result on both.
the HSM is nitrokey HSM2 and it passes
pkcs11-tool --login --test
andpkcs15-tool -D
outputs this for the key:Other Steps to Reproduce
No response
The text was updated successfully, but these errors were encountered: