I ran into this exception when running the script (the other lines are included to show that other than the error everything else seems to be working)
espsecure.py v4.6.1
Trying to establish a session with the HSM.
Session creation successful with HSM slot 0.
Trying to extract public key from the HSM.
Got public key with label esp32-secure-boot.
Connection closed successfully
Trying to establish a session with the HSM.
Session creation successful with HSM slot 0.
Got private key metadata with label esp32-secure-boot.
Signing payload using the HSM.
<class 'pkcs11.exceptions.DataLenRange'> Mechanism.SHA256_RSA_PKCS_PSS
Payload Signing Failed
The failure seems to point to the supported mechanism so I queried the HSM using pkcs11-tool -M
Which returns:
Those are minimum and maximum key lengths. The problem must be with the length of the input data (or maybe the parameters?). According to the PKCS#11 standard the data length should be arbitrary.
I have managed to perform the PSS signature using the following command:
Using slot 0 with a present token (0x0)
Using signature algorithm RSA-PKCS-PSS
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=32 B
Signature is valid
Looks like libsc-hsm-pkcs11.so can do it, but I have to specify key ID instead of a label:
printf "To be signed.\n" | /usr/local/bin/pkcs11-tool \
--module /usr/local/lib/libsc-hsm-pkcs11.so \
-m SHA256-RSA-PKCS-PSS --id 05 \
--sign -l -p 648219 -y privkey > pss.sign
Using slot 0 with a present token (0x1)
Using signature algorithm SHA256-RSA-PKCS-PSS
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=32 B
@sc-hsm I noticed the above command generates 80 68 05 43 APDU, while using --label esp32-secure-boot or any other label of the RSA key produces 80 68 01 43, which in my case points to the wrong key (EC).
opensc-pkcs11 with SHA256-RSA-PKCS-PSS prefers to do the hashing in the software and then sends this command resulting in 67 00: