-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signature not intact after signing with Google Cloud KMS HSM #161
Comments
OK some more info : To be safe I've tried with the same private key to generate another x509 (as per the comment on the example code).
The result is exactly the same with a SIG_CRYPTO_FAILURE, except I also now have "The result of the 'X.509 Certificate Validation' building block is not conclusive" error which is expected with this manually created and untrusted certificate. BUT reading the code from verifier.py I saw something that made me think that the "signature_algorithm" was maybe the culprit...I created a new HSM key but this time with the algo "2048 bit RSA key PKCS#1 v1.5 padding - SHA256 Digest" (instead of "2048 bit RSA key PSS Padding - SHA256 Digest" for the first key). I created another x509 manually and...The resulting PDF does not have SIG_CRYPTO_FAILURE ! The problem is that now I have issued the certificate for 3 years with the RSA PSS key so I would very much like to use it 😢 I can see that the "pss" param in cms is forced to False. And if I try to force it to True, I now have a (logical) Exception :
Because the key==None when you use an HSM. Does anyone have an idea on how to modify the salt_length / calculate_max_pss_salt_length code to adapt to this use-case ? Thanks ! |
I tried some more things :
But to no avail. I then tried
Not working either. Anyone knows the right config of what to put there ? Or maybe the problem is later, in the hsm.sign() call or code ? |
I made it work !!! 😍 With pss = True and this code for the signer["signature_algorithm"] :
So in my case "salt_length" must be == 32 even though Google says
The first part is correct but the second is not...I think you really need to read "use the digest size of the hash algo for the salt length", so for SHA256 it's 32 not 256 ! The rest of the endesive code is OK, except the two hardcoded "sha512" in the PSS parameters (I don't know why that is ?). @m32 could I create a PR to use the hashalgo param instead of "sha512" (and the hashes.SHA512() further down for hsm == None and pss == True) in signer.py ? |
I added a test: test_pdf_pss and the pss parameter in udct. Since I don't have the Google key, I can't check how it works, please check the Git versions with these corrections. |
Hello @m32 ! Thank you very much for your edit ! Unfortunately it does not work as the code in signer.py:159 tries to calculate the salt length with a non-existing key. The private key is inaccessible in the HSM so the pdf.cms.sign() is made with Key==None :
If I force the salt_length to md.digest_size like in my PR, everything else works as is !
Would you be able to release a new version with this change ? Thank you again very much for your response and quick action. |
I need to have an example and a test, an identical test for the case when Key!=None (current behavior), otherwise I don't know what repercussions it will have on the existing code. Please prepare an appropriate correction as (new) PR and we will know after testing. |
Do you mean the case when hsm is None or key is None ?
|
I mean when I'm sorry but I don't see theses lines
anywhere in the repo. They would indeed make my case work, they are similar to my Can you point me to where this code lives ? |
signer.py line 337: if hsm is not None:
tosign is signed by hsm
elif isinstance(key, keys.PrivateKeyInfo):
tosign is signed by ec key
else:
if pss:
tosign is signed by key and salt_length must be known
in this case (yours ?) hsm must be None
and key must be not not None
and not instance of PrivateKeyInfo
salt_length is calculated in line 155
else:
tosign is signed by key in pkcs1v15 mode |
change added and commited, next version is ready to publish, please confirm |
Yes that last version commited (634fff1) indeed works great ! Just to clarify : My case is (like in pdf-sign-cms-hsm-google.py) :
And the problem was (as you found out) earlier in the code of signer.py (lines 154-162) than lines 337- Thank you very much in advance for publishing the new version 🙏 |
published |
2.17.2 tested and approved ! For future reference if anyone find this thread, Endesive works with both these Google Cloud KSM HSM key algos : Just follow the example in /examples/pdf-sign-cms-hsm-google.py for the details. Thanks again for everything @m32, keep up the good work with this great lib 😸 Cheers. |
Hello,
I'm using endesive==2.17.0.
Up until now, I have successfully been using the "simple" signing and certifying with a pkcs12 key certs (ETSI 319 411-1 LCP = RGS * in France).
I had to upgrade to use a ETSI 319 411-2 QCP-l (RGS** in France) where the private key is on a Google Cloud KMS HSM, to obtain the AdES level with a trusted certificate chain.
The code in /examples/pdf-sign-cms-hsm-google.py is working well. I'm using exactly what's in there
And everything else, I just added the digest_crc32c and signature_crc32c checks (as per https://github.com/GoogleCloudPlatform/python-docs-samples/blob/main/kms/snippets/sign_asymmetric.py but the result is the same without it).
No complaints from anywhere on execution.
However the final document seems to have a "broken" signature and the DSS validation (https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/validation) shows a "SIG_CRYPTO_FAILURE" (https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/apidocs/eu/europa/esig/dss/enumerations/SubIndication.html#SIG_CRYPTO_FAILURE) :
And Master PDF Editor (I'm on Linux, I have not been able to test on Adobe Reader yet) says :
Here is an example you can use yourself on the DSS validation :
F-2024-02-15-M-4.pdf
F-2024-02-15-M-4_hsm_signed.pdf
I've read a lot of the code in cms/signer to try and understand what could be wrong but I have to admit I'm a little bit out of my depth here, regarding the internal structures of PDFs especially... 🥲
Has anyone been successful in this use-case ?
@Arbitrage0 maybe, since you wrote the Google HSM code ?
Does anyone has any ideas of what could be the problem, or ideas of thing to test further on my end ?
I'm pretty much stuck 😞
The text was updated successfully, but these errors were encountered: