CardOS V5.3 fails with eu.europa.esig.dss.model.DSSException: Unable to sign : no such algorithm: SHA256withRSA for provider SunPKCS11-SmartCardXXXX

[saper]

Hello, cała Polska czekała na ten projekt 🇵🇱 💳 🇵🇱

I know you are working only with KIR card, but I have tried to use this with an EuroCert card and using opensc-pkcs11.so PKCS#11 driver that seem to support those cards just fine:

PKCS#15 Card [CardOS V5.3 | EC00XXXXXX]:
	Version        : 0
	Serial number  : 31
	Manufacturer ID: Atos IT Solutions and Services GmbH

An attempt to sign a login document from https://pz.gov.pl fails because the card does not support CKM_SHA256_RSA_PKCS and results in the following exception:

[qtp2121926899-17] INFO eu.europa.esig.dss.validation.CommonCertificateVerifier - + New CommonCertificateVerifier created.
[qtp2121926899-17] INFO eu.europa.esig.dss.token.AbstractSignatureTokenConnection - Signature algorithm : SHA256withRSA
[qtp2121926899-17] ERROR pl.podpisfree.api.Server - Can not process 'sign' api request.
pl.podpisfree.crypto.XMLSigner$XMLSignerException: Unable to sign
        at pl.podpisfree.crypto.XMLSigner.sign(XMLSigner.java:92)
        at pl.podpisfree.api.Server.lambda$run$5(Server.java:137)
        at spark.RouteImpl$1.handle(RouteImpl.java:72)
        at spark.http.matching.Routes.execute(Routes.java:61)
        at spark.http.matching.MatcherFilter.doFilter(MatcherFilter.java:134)
        at spark.embeddedserver.jetty.JettyHandler.doHandle(JettyHandler.java:50)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1598)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
        at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: eu.europa.esig.dss.model.DSSException: Unable to sign : no such algorithm: SHA256withRSA for provider SunPKCS11-SmartCardXXX
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:88)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:66)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:58)
        at pl.podpisfree.crypto.CryptoCard.sign(CryptoCard.java:85)
        at pl.podpisfree.crypto.XMLSigner.sign(XMLSigner.java:82)
        ... 28 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SHA256withRSA for provider SunPKCS11-SmartCardXXX
        at java.base/sun.security.jca.GetInstance.getService(GetInstance.java:101)
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
        at java.base/java.security.Signature.getInstance(Signature.java:450)
        at eu.europa.esig.dss.token.Pkcs11SignatureToken.getSignatureInstance(Pkcs11SignatureToken.java:360)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:136)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:82)
        ... 32 more

Here is what my PKCS#11 driver reports:

> pkcs11-tool -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-X-509, keySize={512,4096}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={512,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={512,4096}, sign, verify
  RSA-PKCS-PSS, keySize={512,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={512,4096}, sign, verify
  RSA-PKCS-OAEP, keySize={512,4096}, hw, decrypt

In theory, the solution is easy - hash first in the software and use CKM_RSA_PKCS mechanism as a fall back.
But with Java, the questions is which layer should detect this and change the mechanism used.

Big thanks for putting this out - it's a new hope for me!

[idf3d]

Hi @saper,

Quick search shows that OpenSC for CardOS V5.3 should support SHA256-RSA-PKCS. So first of all verify if you use newest version of OpenSC. Some OSes/distros/package managers can have old version so that is possible that you will need to build newest version of OpenSC manually.

Secondly: I'm not familiar with that card, but it is possible that different slots have different capabilities. Are you sure your QES is in slot 0? Consider to verify is there other available slots pkcs11-tool -L and what is supported by it pkcs11-tool --slot-index <0...N > -M

[saper]

It turns out I was running OpenSC/OpenSC@9dd5a8b (plus some WIP patches unrelated to this patch) which is between 0.23.0 and 0.24.0 (over a year old at the time of writing this). I have re-tried with 0.25.0 and the list of mechanisms is as follows:

> pkcs11-tool -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-X-509, keySize={512,4096}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={512,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={512,4096}, sign, verify
  RSA-PKCS-PSS, keySize={512,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={512,4096}, sign, verify
  RSA-PKCS-OAEP, keySize={512,4096}, hw, decrypt

There is only one slot:

> /usr/local/bin/pkcs11-tool -L
Available slots:
Slot 0 (0x0): Gemalto USB Shell Token V2 (4FFFFFFF) 00 00
  token label        : CardOS V5.3 | EC00FFFFF
  token manufacturer : Atos IT Solutions and Service...
  token model        : PKCS#15 emulated
  token flags        : login required, token initialized, PIN initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 31
  pin min/max        : 4/16

and any attempt to go beyond 0 results in Slot with index 1 (counting from 0) is not available.

[saper]

Just managed to extract their PKCS#15 EF(TokenInfo) which describes the token on the card:

$ /usr/local/bin/pkcs15-tool --list-info # serial numbers redacted
PKCS#15 Card [CardOS V5.3 | EC00FFFFF]:
	Version        : 0
	Serial number  : 31
	Manufacturer ID: Atos IT Solutions and Services GmbH
	Flags          : Login required, PRN generation
		 sc_supported_algo_info[0]:
			 reference  : 1 (0x01)
			 mechanism  : [0x01] CKM_RSA_PKCS                 
			 operations : [0xa2], compute_signature, decipher, generate/derive_key
			 algo_id    : 1.2.840.113549.1.1.1
			 algo_ref   : [0x0c]
		 sc_supported_algo_info[1]:
			 reference  : 2 (0x02)
			 mechanism  : [0x01] CKM_RSA_PKCS                 
			 operations : [0x82], compute_signature, generate/derive_key
			 algo_id    : 1.2.840.113549.1.1.1
			 algo_ref   : [0x88]
		 sc_supported_algo_info[2]:
			 reference  : 3 (0x03)
			 mechanism  : [0x01] CKM_RSA_PKCS                 
			 operations : [0xa0], decipher, generate/derive_key
			 algo_id    : 1.2.840.113549.1.1.1
			 algo_ref   : [0x08]
		 sc_supported_algo_info[3]:
			 reference  : 4 (0x04)
			 mechanism  : [0x06] CKM_SHA1_RSA_PKCS            
			 operations : [0x02], compute_signature
			 algo_id    : 1.2.840.113549.1.1.5
			 algo_ref   : [0x88]
		 sc_supported_algo_info[4]:
			 reference  : 17 (0x11)
			 mechanism  : [0x03] CKM_RSA_X_509                
			 operations : [0xa2], compute_signature, decipher, generate/derive_key
			 algo_id    : 1.2.840.113549.1.1.1
			 algo_ref   : [0x0a]
		 sc_supported_algo_info[5]:
			 reference  : 18 (0x12)
			 mechanism  : [0x03] CKM_RSA_X_509                
			 operations : [0x82], compute_signature, generate/derive_key
			 algo_id    : 1.2.840.113549.1.1.1
			 algo_ref   : [0x86]
		 sc_supported_algo_info[6]:
			 reference  : 19 (0x13)
			 mechanism  : [0x03] CKM_RSA_X_509                
			 operations : [0xa0], decipher, generate/derive_key
			 algo_id    : 1.2.840.113549.1.1.1
			 algo_ref   : [0x06]
		 sc_supported_algo_info[7]:
			 reference  : 20 (0x14)
			 mechanism  : [0x06] CKM_SHA1_RSA_PKCS            
			 operations : [0x02], compute_signature
			 algo_id    : 1.2.840.113549.1.1.5
			 algo_ref   : [0x86]