I have been getting this strange error with the Smart Card Shell:
Creating outline...
GPError: ASN1 (INVALID_INDEX/1) - "Index is out of range" in /home/leith/Downloads/scsh-3.18.34/scsh/sc-hsm/SmartCardHSM.js#2332
at /home/leith/Downloads/scsh-3.18.34/scsh/sc-hsm/SmartCardHSM.js#2332
at /home/leith/Downloads/scsh-3.18.34/keymanager/keymanager.js#1319
at /home/leith/Downloads/scsh-3.18.34/keymanager/keymanager.js#1233
at /home/leith/Downloads/scsh-3.18.34/keymanager/keymanager.js#1494
at /home/leith/Downloads/scsh-3.18.34/keymanager/keymanager.js#294
at /home/leith/Downloads/scsh-3.18.34/keymanager/keymanager.js#40
at /home/leith/Downloads/scsh-3.18.34/keymanager/keymanager.js#3053
This happens when I generate an ECC P-521 key pair, then use the OpenSSL pkcs11 engine to generate a self-signed certificate, then import the certificate with pkcs11-tool.
To fix the error I then need to delete the certificate and private key.
If I import the certificate via the Smart Card Shell GUI, the error doesn’t occur.
The only thing I can think of is that when the certificate is imported with pkcs11-tool the ID of the certificate matches the ID of the public and private key pair. When imported via GUI the certificate gets a different ID value.
Something else I noticed is that if I look at the key pair and DevNetCA certificate I added via the PKI as a Service website, the IDs are all the same.
Are certificates with a matching key pair supposed to have the same ID? This is what I see with the pkcs11-tool import.
I am not sure what caused things to change, but I tested adding the certificate with pkcs11-tool without an --id argument, and the certificate got added fine. However, it had another unique ID value (which was different again to the existing copy of the cert I added via GUI).
I am sure this was causing the error yesterday, but now the GUI seems to read the card fine. All that changed was that I had closed the GUI down and unplugged the HSM since yesterday.
I then tested by supplying an --id value to pkcs11-tool, using the same ID as the existing key pair that was used to create the certificate.
This time the GUI started giving errors again.
I enabled the trace print, but it seems that I am getting the full certificate object, not just the PKCS#15 key, so I have deleted the bit with the subject data.
In case it is useful, here is the sanitised output from pkcs11-tool -O -l:
Using slot 0 with a present token (0x0)
Logging in to "SmartCard-HSM (UserPIN)".
Please enter User PIN:
Private Key Object; RSA
label: DevNetCA/ [Tue Jul 23 2024 09:29:24 GMT+0200 (CEST)]
ID: 96cc1a452e6c5343f956c3b45dcead3adeae6629
Usage: decrypt, sign, unwrap
Access: sensitive, always sensitive, never extractable, local
Certificate Object; type = X.509 cert
label: DevNetCA/ [Tue Jul 23 2024 09:29:24 GMT+0200 (CEST)]
subject: DN: C=DE, O=CardContact, OU=Developer Network, CN=
ID: 96cc1a452e6c5343f956c3b45dcead3adeae6629
Public Key Object; RSA 2048 bits
label: DevNetCA/ [Tue Jul 23 2024 09:29:24 GMT+0200 (CEST)]
ID: 96cc1a452e6c5343f956c3b45dcead3adeae6629
Usage: encrypt, verify
Access: local
Private Key Object; EC
label: Certificate
ID: 823ce95d3ada9930902e082088a30a8a854ae1f9
Usage: sign, derive
Access: sensitive, always sensitive, never extractable, local
Certificate Object; type = X.509 cert
label: Certificate
subject: DN: CN=
ID: 823ce95d3ada9930902e082088a30a8a854ae1f9
Public Key Object; EC EC_POINT 528 bits
EC_POINT: 04818504004185de5fbfa080634371cec5490d2cf7f5616537bb6532d8ece4045d596eff6de73ee6382b08cb0131143fadcd29e6ed2a0bfcc09304b982bb9dc7810c4e55ecf301834eb762da18dc5136107e4f26df85d5f224d998ee7d9d1ab0f855a65c0dca1fde8982d02380bb4df89197e6c14688d81457b462048c229a034c00ff8f1ffee32c
EC_PARAMS: 06052b81040023
label: Certificate
ID: 823ce95d3ada9930902e082088a30a8a854ae1f9
Usage: encrypt, verify
Access: local
Certificate Object; type = X.509 cert
label: CN=
subject: DN: CN=
ID: eb48a29100b11de480b9a2dbf73df5626e3f3bd1
Public Key Object; EC EC_POINT 528 bits
EC_POINT: 04818504006cc21bbfedb4661b74d75fe1818130928b0366c41dc41ec2681727f33d45272048242da7d71005dde79ac7dd5a3f585ca24a0061f297d70fc5f0fa521252eff6ec00068dd7707222771f6729f7ec5296a6185fe71cbb8235a25aecf93ed991ae5999bf652286c5612e956e5fed25533d180de6e2b7b0662cf22a652d2ddd0785c8b405
EC_PARAMS: 06052b81040023
label: CN=
ID: eb48a29100b11de480b9a2dbf73df5626e3f3bd1
Usage: encrypt, verify
Access: local
Certificate Object; type = X.509 cert
label: Certificate
subject: DN: CN=
ID: 1aeece1470c4d472a86e359be74611851a626ef9
Public Key Object; EC EC_POINT 528 bits
EC_POINT: 04818504004185de5fbfa080634371cec5490d2cf7f5616537bb6532d8ece4045d596eff6de73ee6382b08cb0131143fadcd29e6ed2a0bfcc09304b982bb9dc7810c4e55ecf301834eb762da18dc5136107e4f26df85d5f224d998ee7d9d1ab0f855a65c0dca1fde8982d02380bb4df89197e6c14688d81457b462048c229a034c00ff8f1ffee32c
EC_PARAMS: 06052b81040023
label: Certificate
ID: 1aeece1470c4d472a86e359be74611851a626ef9
Usage: encrypt, verify
Access: local
The keypair with ID 823ce95d3ada9930902e082088a30a8a854ae1f9 is the generated keypair for my certificate.
The certificate with ID eb48a29100b11de480b9a2dbf73df5626e3f3bd1 is the certificate added via the GUI. This does not cause the error.
The certificate with ID 1aeece1470c4d472a86e359be74611851a626ef9 is the certificate added via pkcs11-tool --write-object cert.der --type cert --login - so no --id. This does not cause the error.
The certificate with ID 823ce95d3ada9930902e082088a30a8a854ae1f9 is the certificate added via pkcs11-tool --write-object cert.der --type cert --login --id 823ce95d3ada9930902e082088a30a8a854ae1f9. This is the copy that causes the error.
The general mechanism in the SmartCard-HSM is that there is a private key with an associated certificate or a CA certificate. When importing a certificate, OpenSC will search for a matching key and associate both. If no matching key is found, the certificate is added as a CA certificate, unrelated to any private key.
One criterion is the CKA_ID attribute. If that is missing on the command line, then a CKA_ID is generated that is identical to the Subject Key Identifier (basically a SHA-1 hash over the public key).
So based on the pkcs15-tool dump above, both certificates with id eb48a29100b11de480b9a2dbf73df5626e3f3bd1 and 1aeece1470c4d472a86e359be74611851a626ef9 are added as CA certificates, unrelated to a private key.
However, the issue in the key manager is caused when reading the PKCS#15 metadata for the private key with id 823ce95d3ada9930902e082088a30a8a854ae1f9. For whatever reason, the PKCS#15 structure contains an additional information element for certificates, which should not be there. It looks to me that this is an issue with OpenSC, and I will try to create a test setup to diagnose this further.
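To check the CKA_ID rule described in the reply above (an ID generated from the Subject Key Identifier, i.e. a SHA-1 over the public key) against the pkcs11-tool dump, here is an added example that is not part of the thread and not CardContact or OpenSC code. It parses the CKA_EC_POINT and CKA_EC_PARAMS values exactly as pkcs11-tool prints them, computes the RFC 5280 method-1 Subject Key Identifier (SHA-1 over the uncompressed point 04||X||Y, which is the content of the subjectPublicKey BIT STRING for an EC key), and reports which of the three CKA_IDs on the token, if any, equal it. The sample values are copied from the dump in this thread; the function names are my own, and whether any ID matches is whatever the comparison reports, not something asserted here.

```python
import hashlib

# Values copied from the pkcs11-tool -O -l dump earlier in this thread:
# the P-521 public key point and curve parameters, plus the three CKA_IDs seen on the token.
EC_POINT_HEX = (
    "04818504004185de5fbfa080634371cec5490d2cf7f5616537bb6532d8ece4045d596eff6de73ee6"
    "382b08cb0131143fadcd29e6ed2a0bfcc09304b982bb9dc7810c4e55ecf301834eb762da18dc5136"
    "107e4f26df85d5f224d998ee7d9d1ab0f855a65c0dca1fde8982d02380bb4df89197e6c14688d814"
    "57b462048c229a034c00ff8f1ffee32c"
)
EC_PARAMS_HEX = "06052b81040023"
TOKEN_IDS = [
    "823ce95d3ada9930902e082088a30a8a854ae1f9",  # key pair generated in Smart Card Shell
    "eb48a29100b11de480b9a2dbf73df5626e3f3bd1",  # certificate added via the GUI
    "1aeece1470c4d472a86e359be74611851a626ef9",  # certificate added via pkcs11-tool without --id
]


def der_tlv(data: bytes) -> tuple[int, bytes, bytes]:
    """Parse one DER TLV and return (tag, value, remaining bytes).
    Handles short-form and long-form lengths (0x81 0x85 = 133 bytes in the dump above)."""
    tag = data[0]
    length = data[1]
    pos = 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], data[pos + length:]


def decode_oid(value: bytes) -> str:
    """Decode OID content octets into dotted notation (base-128 arcs, first byte = 40*a + b)."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ec_point(ec_point_hex: str) -> bytes:
    """CKA_EC_POINT is a DER OCTET STRING wrapping the ECPoint; return the raw uncompressed point."""
    tag, point, rest = der_tlv(bytes.fromhex(ec_point_hex))
    if tag != 0x04 or rest or point[0] != 0x04:
        raise ValueError("expected an OCTET STRING containing an uncompressed EC point")
    return point


def curve_oid(ec_params_hex: str) -> str:
    """CKA_EC_PARAMS here is a bare OID; 1.3.132.0.35 is secp521r1 (P-521)."""
    tag, value, rest = der_tlv(bytes.fromhex(ec_params_hex))
    if tag != 0x06 or rest:
        raise ValueError("expected an OBJECT IDENTIFIER in CKA_EC_PARAMS")
    return decode_oid(value)


def subject_key_identifier(point: bytes) -> str:
    """RFC 5280 4.2.1.2 method (1): SHA-1 over the subjectPublicKey BIT STRING contents,
    which for an EC key is exactly the uncompressed point 04 || X || Y."""
    return hashlib.sha1(point).hexdigest()


def matching_ids(ec_point_hex: str, ids: list[str]) -> list[str]:
    """Return the CKA_IDs from the token that equal the SKI derived from the public key."""
    ski = subject_key_identifier(parse_ec_point(ec_point_hex))
    return [i for i in ids if i.lower() == ski]


if __name__ == "__main__":
    point = parse_ec_point(EC_POINT_HEX)
    print("curve OID:", curve_oid(EC_PARAMS_HEX))
    print("point length:", len(point), "bytes; coordinate size:", (len(point) - 1) // 2, "bytes")
    print("SKI derived from public key:", subject_key_identifier(point))
    print("CKA_IDs on token equal to that SKI:", matching_ids(EC_POINT_HEX, TOKEN_IDS))
```

Running it against your own dump tells you which objects OpenSC would treat as belonging to the key (same CKA_ID) and which it files as unrelated CA certificates. The same parser works for any EC object pkcs11-tool prints, since CKA_EC_POINT is always the DER OCTET STRING and the coordinate size falls out of the point length (66 bytes for P-521).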
We have updated the Smart Card Shell to fix the issue.
Apparently OpenSC adds the optional subClassAttributes element to the PKCS#15 metadata when writing the certificate. That caused the code that extracts the key size to fail.