native-pkcs11 and smartcard-hsm

FUSTE Emmanuel emmanuel.fuste at thalesgroup.com
Wed May 25 14:27:28 UTC 2016 

Le 25/05/2016 14:29, FUSTE Emmanuel a écrit :
> Le 24/05/2016 16:36, FUSTE Emmanuel a écrit :
>> Le 23/05/2016 16:40, FUSTE Emmanuel a écrit :
>>> Hello,
>>>
>>> I'm trying to use a smartcard-hsm usb stick (v1.2) with BIND 9.10.3-P4.
>>> This stick is working with powerdns and support all crypto operations
>>> required for basic DNSSEC support.
>>>
>>> But I get this warning/error:
>>> "PKCS#11 provider has no digest service".
>>> "This HSM will not work with BIND 9 using native PKCS#11."
>>>
>>> Bind version:
>>> BIND 9.10.3-P4-Debian <id:ebd72b3>
>>> built by make with '--prefix=/usr' '--mandir=/usr/share/man'
>>> '--libdir=/usr/lib/i386-linux-gnu' '--infodir=/usr/share/info'
>>> '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/'
>>> '--enable-threads' '--enable-largefile' '--with-libtool'
>>> '--enable-shared' '--enable-static' '--with-openssl=/usr'
>>> '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no'
>>> '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa'
>>> '--enable-native-pkcs11'
>>> '--with-pkcs11=/usr/lib/i386-linux-gnu/softhsm/libsofthsm2.so'
>>> 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat
>>> -Werror=format-security -fno-strict-aliasing
>>> -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-fPIE -pie
>>> -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2
>>> -DDIG_SIGCHASE'
>>> compiled by GCC 5.3.1 20160429
>>> compiled with OpenSSL version: OpenSSL 1.0.2h  3 May 2016
>>> linked to OpenSSL version: OpenSSL 1.0.2h  3 May 2016
>>> compiled with libxml2 version: 2.9.3
>>> linked to libxml2 version: 20903
>>>
>>> pkcs11-torens informations:
>>> pkcs11-tokens -m /usr/lib/i386-linux-gnu/opensc-pkcs11.so
>>> Warning: PKCS#11 provider has no digest service
>>> This HSM will not work with BIND 9 using native PKCS#11.
>>>
>>> DEFAULTS
>>>             rand_token=0x80300368
>>>             best_rsa_token=0x80300368
>>>             best_dsa_token=(nil)
>>>             best_dh_token=(nil)
>>>             digest_token=(nil)
>>>             best_ec_token=(nil)
>>>             best_gost_token=(nil)
>>>             aes_token=(nil)
>>>
>>> TOKEN
>>>             address=0x80300368
>>>             slotID=0
>>>             label=SmartCard-HSM (UserPIN)
>>>             manufacturerID=www.CardContact.de
>>>             model=PKCS#15 emulated
>>>             serialNumber=DECC0100872
>>>             supported operations=0x6 (RAND,RSA)
>>>
>>> PKCS11 mechanism returned by pkcs11-tool:
>>> pkcs11-tool -M
>>> Using slot 0 with a present token (0x0)
>>> Supported mechanisms:
>>>       SHA-1, digest
>>>       SHA256, digest
>>>       SHA384, digest
>>>       SHA512, digest
>>>       MD5, digest
>>>       RIPEMD160, digest
>>>       GOSTR3411, digest
>>>       ECDSA, keySize={192,320}, hw, sign, other flags=0x1d00000
>>>       ECDSA-SHA1, keySize={192,320}, hw, sign, other flags=0x1d00000
>>>       ECDH1-COFACTOR-DERIVE, keySize={192,320}, hw, derive, other
>>> flags=0x1d00000
>>>       ECDH1-DERIVE, keySize={192,320}, hw, derive, other flags=0x1d00000
>>>       ECDSA-KEY-PAIR-GEN, keySize={192,320}, hw, generate_key_pair, other
>>> flags=0x1d00000
>>>       RSA-X-509, keySize={1024,2048}, hw, decrypt, sign, verify
>>>       RSA-PKCS, keySize={1024,2048}, hw, decrypt, sign, verify
>>>       SHA1-RSA-PKCS, keySize={1024,2048}, sign, verify
>>>       SHA256-RSA-PKCS, keySize={1024,2048}, sign, verify
>>>       SHA384-RSA-PKCS, keySize={1024,2048}, sign, verify
>>>       SHA512-RSA-PKCS, keySize={1024,2048}, sign, verify
>>>       MD5-RSA-PKCS, keySize={1024,2048}, sign, verify
>>>       RIPEMD160-RSA-PKCS, keySize={1024,2048}, sign, verify
>>>       RSA-PKCS-KEY-PAIR-GEN, keySize={1024,2048}, generate_key_pair
>>>
>>> Perhaps Bind require more, but all needed digest services are here.
>>> Is something that will be fixed ? How could I help to get it fixed ?
>>> Does anyone have any insights or suggestions?
>>>
>>> Thanks,
>>>
>>> Emmanuel.
>>
>> Ok, digging into docs and code give me some answers:
>>
>> In native PKCS11 mode, all crypto operations are offhanded to the HSM.
>> This is totally crazy nowadays. HSM are HSM not PKCS11 crypto
>> accelerators, a concept from the past on actual hardware for 99.99% of
>> real use.
>> If something like "sign-only" and "crypto-accelerator" OpenSSL-based
>> PKCS#11 is not implemented too in the future, native-pkcs11 is a dead
>> end. Option that should be select-able at runtime and which eventually
>> permit to chose what to offload to the device in the crypto-accelerator
>> mode (and perhaps on different devices etc ...).
>>
>> Will try to compile a modified openssl in sign-only mode for my token.
>> I already successfully created keys with the pkcs11-keygen command and
>> the used debian/ubuntu package already include native pkcs11 and openssl
>> versions of named and dnssec tools (-pkcs11 variants).
>> I was misguided by the "named -V" command which return the
>> --enable-native-pkcs11 flag on the two binary but they are linked with
>> different
>> libisc libraries (cosmetic packaging problem).
>>
>> Will report results.
>>
>> Emmanuel.
>>
>
> Latest progress:
>
> OpenSSL PKCS#11 patch does not permit to build a shared version of the
> "pkcs11" engine.
> Will try now do do that manually.
>
> In the mean time, I try to use native mode with p11-kit.
> The idea was to use softhsm2 pkcs11 lib as the main provider and my
> token via opensc-pkcs11 for the sign operations.
> Bind would use openssl for all it crypto operations via softhsm and
> pkcs11 uri would transparently point to my token via opensc-pkcs11 for
> sign operations.
> But neither pkcs11 commands or dnssec- command work with
> p11-kit-proxy.so : "fatal: could not initialize dst: PKCS#11
> initialization failed" or "Unrecoverable error initializing PKCS#11:
> PKCS#11 initialization failed"
>
> As a last resort, if the dynamic engine is a dead end, I will try to
> build rebuild bind with a static version of openssl before giving up.
> Not an appealing thing from a maintenance point of view, but it will
> permit to validate if bind could work NOW one way or another in
> auto-dnssec maintain mode with a smartcard-hsm.
>
> Emmanuel.
>

Dynamic engine support is broken and disabled in the code.
When re-enabling I get segfault:
Starting program: /opt/pkcs11/usr/bin/openssl
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
OpenSSL> engine -pre SO_PATH:/opt/pkcs11/usr/lib/engines/libhw_pk11so.so 
  -pre LOAD
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:/opt/pkcs11/usr/lib/engines/libhw_pk11so.so
[Failure]: LOAD

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:62
62      ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S: No such file 
or directory.
(gdb) bt
#0  __strlen_sse2_bsf () at 
../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:62
#1  0xb7e0b718 in _dopr () from /opt/pkcs11/usr/lib/libcrypto.so.1.0.0
#2  0xb7e0bf14 in BIO_vsnprintf () from 
/opt/pkcs11/usr/lib/libcrypto.so.1.0.0
#3  0xb7e0bf75 in BIO_snprintf () from 
/opt/pkcs11/usr/lib/libcrypto.so.1.0.0
#4  0xb7e16d6a in ERR_print_errors_cb () from 
/opt/pkcs11/usr/lib/libcrypto.so.1.0.0
#5  0xb7e16e1f in ERR_print_errors () from 
/opt/pkcs11/usr/lib/libcrypto.so.1.0.0
#6  0x080a3dba in util_do_cmds.isra ()
#7  0x080a412c in engine_main ()
#8  0x0805b7cd in do_cmd ()
#9  0x0805b4a4 in main ()

Even if it is surely fixable, I don't have skills to fix it in a timely 
manner.

So next plan Z: static patched openssl and bind rebuild.

Emmanuel.

More information about the bind-users mailing list