Problem with ecdsa keys (384p)?

[cpfeiffer]

We have an HSM (Yubikey 5 nano) with two keys, one (old) RSA key, and one (new) ecdsa key:

$ cosign pkcs11-tool list-keys-uris 

Listing URIs of keys in slot '0' of PKCS11 module '/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so'
Object 0
        Label: PIV AUTH key
        ID: 01
        URI: pkcs11:token=Unknown;slot-id=0;id=%01;object=PIV%20AUTH%20key?module-path=/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so&pin-value=redacted
Object 1
        Label: SIGN key
        ID: 02
        URI: pkcs11:token=Unknown;slot-id=0;id=%02;object=SIGN%20key?module-path=/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so&pin-value=redacted

Signing works fine with the first one ("PIV AUTH key"):

$ cosign sign --key "pkcs11:token=Unknown;slot-id=0;id=%01;object=PIV%20AUTH%20key?module-path=/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so&pin-value=redacted" my_registry/my_image@sha256:xxx
WARNING: "my_registry//my_image" appears to be a private repository, please confirm uploading to the transparency log at "https://rekor.sigstore.dev"
Are you sure you would like to continue? [y/N] 
not uploading to transparency log
Pushing signature to: my_registry/my_image

But it fails with the second "SIGN key" key:

$ cosign sign --key "pkcs11:token=Unknown;slot-id=0;id=%02;object=SIGN%20key?module-path=/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so&pin-value=redacted" my_registry/my_image@sha256:xxx
WARNING: "my_registry//my_image" appears to be a private repository, please confirm uploading to the transparency log at "https://rekor.sigstore.dev"
Are you sure you would like to continue? [y/N] 
not uploading to transparency log
Error: signing [my_registry/my_image@sha256:xxx]: signing digest: pkcs11: 0x101: CKR_USER_NOT_LOGGED_IN
main.go:74: error during command execution: signing [my_registry/my_image@sha256:xxx]: signing digest: pkcs11: 0x101: CKR_USER_NOT_LOGGED_IN

p11tool lists the first as:

Type: X.509 Certificate (RSA-2048)

and the second one as

Type: X.509 Certificate (EC/ECDSA-SECP384R1)

Signing with the latter key works fine with e.g. jarsigner or jsign via SunPKCS11/OpenSC with libykcs11.so.2.

Any hints how to get this working with cosign as well would be much appreciated.

We also have a verbose opensc debug log:

P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] apdu.c:539:sc_transmit: returning with: 0 (Success)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card.c:530:sc_unlock: called
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Security status not satisfied
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card-piv.c:575:piv_general_io: Card returned error  
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card.c:530:sc_unlock: called
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card-piv.c:583:piv_general_io: returning with: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card-piv.c:2429:piv_validate_general_authentication: returning with: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card-piv.c:2471:piv_compute_signature: returning with: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] sec.c:66:sc_compute_signature: returning with: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] pkcs15-pin.c:816:sc_pkcs15_pincache_revalidate: called
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card.c:530:sc_unlock: called
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] pkcs15-sec.c:169:use_key: returning with: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] pkcs15-sec.c:771:sc_pkcs15_compute_signature: use_key() failed: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] pkcs15-sec.c:784:sc_pkcs15_compute_signature: returning with: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] card.c:530:sc_unlock: called
P:86; T:0x140716214478528 14:39:44.077 [opensc-pkcs11] reader-pcsc.c:740:pcsc_unlock: called
P:86; T:0x140716214478528 14:39:44.078 [opensc-pkcs11] framework-pkcs15.c:4312:pkcs15_prkey_sign: Sign complete. Result -1211.
P:86; T:0x140716214478528 14:39:44.078 [opensc-pkcs11] misc.c:71:sc_to_cryptoki_error_common: libopensc return value: -1211 (Security status not satisfied)
P:86; T:0x140716214478528 14:39:44.078 [opensc-pkcs11] mechanism.c:603:sc_pkcs11_signature_final: returning with: 257
P:86; T:0x140716214478528 14:39:44.078 [opensc-pkcs11] mechanism.c:460:sc_pkcs11_sign_final: returning with: 257
P:86; T:0x140716214478528 14:39:44.078 [opensc-pkcs11] pkcs11-object.c:745:C_Sign: C_Sign() = CKR_USER_NOT_LOGGED_IN

[haydentherapper]

Using a key not stored on an HSM, ecdsa is supported. My guess would be some incompatibility with the underlying library for hardware tokens, but I don’t have a way to test this atm.

[cpfeiffer]

Thanks, I will have a look if I can reproduce it with p11tool or openssl.