Error with a Yubikey FIPS in PIV mode: The parameters in the data field are incorrect

[drew-512]

Hi gents, appreciate all the work that's gone into jsign!

I am getting an exception that is not clear when signing from a Yubikey FIPS 5. I have verified things are working somewhat by changing storepass and it is returning an appropriate bad pin error.

Flipping through things I suspect the issue is the jsign side. Using jsign 6.0.0 on Windows 11 (through Cygwin).

 sign/tools/jsign.cmd --replace --storetype PIV --storepass XXXXXX --alias AUTHENTICATION --certfile ss-cert-chain.pem dummy.exe
Adding Authenticode signature to dummy.exe
jsign: Couldn't sign dummy.exe
net.jsign.bouncycastle.operator.RuntimeOperatorException: exception obtaining signature: java.security.GeneralSecurityException: javax.smartcardio.CardException: The parameters in the data field are incorrect
        at net.jsign.bouncycastle.operator.jcajce.JcaContentSignerBuilder$1.getSignature(Unknown Source)
        at net.jsign.bouncycastle.cms.SignerInfoGenerator.generate(Unknown Source)
        at net.jsign.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
        at net.jsign.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
        at net.jsign.asn1.authenticode.AuthenticodeSignedDataGenerator.generate(AuthenticodeSignedDataGenerator.java:50)
        at net.jsign.AuthenticodeSigner.createSignedData(AuthenticodeSigner.java:379)
        at net.jsign.AuthenticodeSigner.sign(AuthenticodeSigner.java:354)
        at net.jsign.SignerHelper.sign(SignerHelper.java:394)
        at net.jsign.JsignCLI.execute(JsignCLI.java:134)
        at net.jsign.JsignCLI.main(JsignCLI.java:40)
Caused by: java.security.SignatureException: java.security.GeneralSecurityException: javax.smartcardio.CardException: The parameters in the data field are incorrect  
        at net.jsign.jca.SigningServiceSignature.engineSign(SigningServiceSignature.java:48)
        at java.security.Signature$Delegate.engineSign(Unknown Source)
        at java.security.Signature.sign(Unknown Source)
        ... 10 more
Caused by: java.security.GeneralSecurityException: javax.smartcardio.CardException: The parameters in the data field are incorrect
        at net.jsign.jca.PIVCardSigningService.sign(PIVCardSigningService.java:149)
        at net.jsign.jca.SigningServiceSignature.engineSign(SigningServiceSignature.java:46)
        ... 12 more
Caused by: javax.smartcardio.CardException: The parameters in the data field are incorrect
        at net.jsign.jca.SmartCard.handleError(SmartCard.java:130)
        at net.jsign.jca.PIVCard.sign(PIVCard.java:331)
        at net.jsign.jca.PIVCardSigningService.sign(PIVCardSigningService.java:147)
        ... 13 more

[ebourg]

Thank you for reporting this issue. What is the version of the Yubikey firmware? Does it work better if you install the Yubico PIV Tool and use --storetype YUBIKEY instead of PIV?

[drew-512]

Hi! I very much appreciate your assistance friend.

Looks like 5.4.2 (also see below).

I tried --storetype YUBIKEY but jsign is saying it failed:

sign/tools/jsign.cmd --replace --storetype YUBIKEY --storepass XXXXXX --alias 'X.509 Certificate for PIV Authentication' --tsaurl http://timestamp.sectigo.com dummy.exe
Adding Authenticode signature to dummy.exe
jsign: Couldn't sign dummy.exe
java.security.SignatureException: Signature verification failed, the private key doesn't match the certificate
        at net.jsign.AuthenticodeSigner.verify(AuthenticodeSigner.java:498)
        at net.jsign.AuthenticodeSigner.createSignedData(AuthenticodeSigner.java:382)
...

$ ./yubico-piv-tool -astatus
Version:        5.4.2
Serial Number:  16718214
CHUID:  3019d4e739da739ced39ce739d836858210842108421c84210c3eb341006b2bf1aa6befa10096ef486570ffc4b350832303330303130313e00fe00
CCC:    No data available
Slot 9a:
        Algorithm:      ECCP384
        Subject DN:     serialNumber=3334581/jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization, C=US, ST=New York, O=SoundSpectrum, Inc., CN=SoundSpectrum, Inc.
        Issuer DN:      C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA EV E36
        Fingerprint:    e90f53e7e1d16400662590c2455346ab87e1e5a1bcd0a1d4e28e418a057e4155
        Not Before:     May 21 00:00:00 2024 GMT
        Not After:      May 21 23:59:59 2025 GMT
Slot 82:
        Algorithm:      RSA2048
        Subject DN:     C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        Issuer DN:      C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        Fingerprint:    d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4
        Not Before:     Jan  1 00:00:00 2004 GMT
        Not After:      Dec 31 23:59:59 2028 GMT
Slot 83:
        Algorithm:      ECCP384
        Subject DN:     C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root E46
        Issuer DN:      C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
        Fingerprint:    db44cb073b747cb2addfada3b7a6bf855e0a278194be6dc28113ce97a7ed26bb
        Not Before:     Feb 28 00:00:00 2023 GMT
        Not After:      Dec 31 23:59:59 2028 GMT
Slot 84:
        Algorithm:      ECCP256
        Subject DN:     C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing CA EV E36
        Issuer DN:      C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root E46
        Fingerprint:    9ecee96bda8eec6f28e40d78e0c2d58d57837827eaa23b43176f1c0be255b993
        Not Before:     Mar 22 00:00:00 2021 GMT
        Not After:      Mar 21 23:59:59 2036 GMT
PIN tries left: 3

drew@amp-org-pcdev /cygdrive/c/Program Files/Yubico/YubiKey Manager CLI
$ ./ykman piv info
PIV version:              5.4.2
PIN tries remaining:      3/3
PUK tries remaining:      1/3
Management key algorithm: TDES
Management key is stored on the YubiKey, protected by PIN.
CHUID: 3019d4e739da739ced39ce739d836858210842108421c84210c3eb341006b2bf1aa6befa10096ef486570ffc4b350832303330303130313e00fe00
CCC:   No data available
Slot 82 (RETIRED1):
  Private key type: EMPTY
  Public key type:  RSA2048
  Subject DN:       CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
  Issuer DN:        CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
  Serial:           1
  Fingerprint:      d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef4
  Not before:       2004-01-01T00:00:00+00:00
  Not after:        2028-12-31T23:59:59+00:00

Slot 83 (RETIRED2):
  Private key type: EMPTY
  Public key type:  ECCP384
  Subject DN:       CN=Sectigo Public Code Signing Root E46,O=Sectigo Limited,C=GB
  Issuer DN:        CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
  Serial:           284056931552150898782024188839649458891
  Fingerprint:      db44cb073b747cb2addfada3b7a6bf855e0a278194be6dc28113ce97a7ed26bb
  Not before:       2023-02-28T00:00:00+00:00
  Not after:        2028-12-31T23:59:59+00:00

Slot 84 (RETIRED3):
  Private key type: EMPTY
  Public key type:  ECCP256
  Subject DN:       CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB
  Issuer DN:        CN=Sectigo Public Code Signing Root E46,O=Sectigo Limited,C=GB
  Serial:           73711211433345001245318154040046987031
  Fingerprint:      9ecee96bda8eec6f28e40d78e0c2d58d57837827eaa23b43176f1c0be255b993
  Not before:       2021-03-22T00:00:00+00:00
  Not after:        2036-03-21T23:59:59+00:00

Slot 9A (AUTHENTICATION):
  Private key type: ECCP256
  Public key type:  ECCP384
  Subject DN:       CN=SoundSpectrum\, Inc.,O=SoundSpectrum\, Inc.,ST=New York,C=US,2.5.4.15=Private Organization,1.3.6.1.4.1.311.60.2.1.2=Delaware,1.3.6.1.4.1.311.60.2.1.3=US,2.5.4.5=3334581
  Issuer DN:        CN=Sectigo Public Code Signing CA EV E36,O=Sectigo Limited,C=GB
  Serial:           122169199998415683808222965368559008620
  Fingerprint:      e90f53e7e1d16400662590c2455346ab87e1e5a1bcd0a1d4e28e418a057e4155
  Not before:       2024-05-21T00:00:00+00:00
  Not after:        2025-05-21T23:59:59+00:00

Slot 9C (SIGNATURE):
  Private key type: ECCP256

[ebourg]

There is something weird with the slot 9A, the algorithm of the private key (ECCP256) doesn't match the algorithm of the public key (ECCP384). How did you load the private key and the certificate on the Yubikey? Did you generate the private key on the Yubikey yourself and Sectigo sent the certificate, or did Sectigo send the preloaded Yubikey directly?

[drew-512]

Hi! Indeed, I noticed that but didn't consider myself expert enough to identify that as an issue. Silly me -- to assume that the Yubikey would verify that an imported crt matches the private key before accepting it!

I've contacted Sertigo and getting a reissue on ECCP384. Hopefully this explains my issues in which case I will be proud to tells others about jsign. Will report back here later today. Emmanuel! Your work is most appreciated!

[drew-512]

Ok, it's confirmed that Sectigo sent me the wrong cert (sending a ECCP384 rather than ECCP256). I am rather unimpressed that Yubikey merrily imports a cert without doing any verification.

Anyway, jsign is signed no problem with a newly issued ECCP384 and imported cert. My only thought was that if jsign caught this exception in a meaningful way and describe what was happening that may help. If there was a bad cert in there but happened to be ECCP384, you wouldn't have been tipped off.

Thank you again Emmanuel! My favorite name! <3

[ebourg]

My only thought was that if jsign caught this exception in a meaningful way and describe what was happening that may help. If there was a bad cert in there but happened to be ECCP384, you wouldn't have been tipped off.

Yes I agree. Jsign performs a basic verification after the signature is created, and a mismatch between the private key and the public key is reported:

https://github.com/ebourg/jsign/blob/ea3ead84/jsign-core/src/main/java/net/jsign/AuthenticodeSigner.java#L496

But the issue here appears before the signature is created, the Yubikey refused to sign the payload. I have to investigate why.