go-ethereum icon indicating copy to clipboard operation
go-ethereum copied to clipboard
verified publisher icon ethereum

Keycard unable to sign message

Open willianpaixao opened this issue 3 years ago • 8 comments

System information

Version: 1.10.21-unstable Git Commit: de1cecb22e2a18ad70d4cb92bee122f4549c5b79 Git Commit Date: 20220701 Architecture: amd64 Go Version: go1.18.1 Operating System: linux

Bug description

I have a Keycard unlocked:

> personal.listWallets
[{
    accounts: [{
        address: "0x774a37cbe7e32752ed114b56ac019aa9579b5690",
        url: "keycard://1a14/m/44'/60'/0'/0/0"
    }],
    status: "Online",
    url: "keycard://1a144d65"
}]

When attempting to sign any message I get the following error:

> personal.sign("0xdeadbeaf", "0x774a37cbe7e32752ed114b56ac019aa9579b5690", "347390")
GoError: Error: unexpected response status Cla=0x80, Ins=0xc0, Sw=0x6a80 at web3.js:6365:9(45)
        at github.com/ethereum/go-ethereum/internal/jsre.MakeCallback.func1 (native)
        at <eval>:1:1(5)

Therefore I can't send a transaction either:

> tx
{
  from: "0x774a37cbe7e32752ed114b56Ac019aA9579b5690",
  to: "0x3b15ba77fd4f389dafbbf3d8ecb241f781eec943",
  value: "1000000000000000"
}
> personal.sendTransaction(tx, "347390")
Error: unexpected response status Cla=0x80, Ins=0xc0, Sw=0x6a80
        at web3.js:6365:9(45)
        at send (web3.js:5099:62(34))
        at <eval>:1:25(5)

According to this page, the error 6A80 is "The parameters in the data field are incorrect."

Note:

  • I can easily sign messages using keycard-cli.
  • I can perform other task with the Keycard with Geth, like generate new keys.

Reference

  • https://blog.ethereum.org/2019/07/10/geth-v1-9-0/
  • https://geth.ethereum.org/docs/rpc/ns-personal

willianpaixao avatar Jul 01 '22 15:07 willianpaixao

Update, just out of curiosity I tried the same with my Ledger Nano S and got a very different error:

> personal.listWallets
[{
    accounts: [{
        address: "0x5cfe66f948e897cc08c4ff27d97167d6ccf4c412",
        url: "ledger://0001:000c:00/m/44'/60'/0'/0/0"
    }],
    status: "Ethereum app v1.9.19 online",
    url: "ledger://0001:000c:00"
}]
> personal.sign("0xdeadbeaf", "0x5cfe66f948e897cc08c4ff27d97167d6ccf4c412")
GoError: Error: not supported at web3.js:6365:9(45)
        at github.com/ethereum/go-ethereum/internal/jsre.MakeCallback.func1 (native)
        at <eval>:1:1(5)

Can I get some clarification of what exactly is not supported?

willianpaixao avatar Jul 01 '22 15:07 willianpaixao

Update 2, I then decided to use clef. Trying with the personal namespace:

> personal.listWallets
[{
    accounts: [{
        address: "0x774a37cbe7e32752ed114b56ac019aa9579b5690",
        url: "extapi:///home/willian/.clef/clef.ipc"
    }],
    status: "ok [version=6.1.0]",
    url: "extapi:///home/willian/.clef/clef.ipc"
}]
> tx
{
  from: "0x774a37cbe7e32752ed114b56Ac019aA9579b5690",
  to: "0x3b15ba77fd4f389dafbbf3d8ecb241f781eec943",
  value: "1000000000000000"
}
> personal.sendTransaction(tx)
Error: password-operations not supported on external signers
        at web3.js:6365:9(45)
        at send (web3.js:5099:62(34))
        at <eval>:1:25(4)

Then with the eth namespace:

> eth.signTransaction({from: "0x774a37cbe7e32752ed114b56Ac019aA9579b5690", to:"0x3b15ba77fd4f389dafbbf3d8ecb241f781eec943", gasPrice: 1, gas: 200, nonce:1})
Error: unexpected response status Cla=0x80, Ins=0xc0, Sw=0x6a80
        at web3.js:6365:9(45)
        at send (web3.js:5099:62(34))
        at <eval>:1:20(14)

And this is clef's logs:

unexpected response status Cla=0x80, Ins=0xc0, Sw=0x6a80
-------------------------------------------
WARN [07-01|19:47:53.784] Served account_signTransaction           reqid=10 duration=12.340321174s err="unexpected response status Cla=0x80, Ins=0xc0, Sw=0x6a80"

Lastly I tried with clef and my Ledger Nano S:

> eth.sign("0x5cfe66f948e897cc08c4ff27d97167d6ccf4c412", "0xdeadbeaf")
Error: not supported
        at web3.js:6365:9(45)
        at send (web3.js:5099:62(34))
        at <eval>:1:9(5)

And this is clef's log:

## Error 
not supported
-------------------------------------------
WARN [07-01|19:58:18.649] Served account_signData                  reqid=15 duration=9.505338748s err="not supported"

willianpaixao avatar Jul 01 '22 18:07 willianpaixao

What version of the keycard app is installed on your card?

gballet avatar Jul 04 '22 07:07 gballet

Same question about your ledger app version, btw.

gballet avatar Jul 04 '22 07:07 gballet 

$ keycard version
version 0.6.0
$ keycard info
Keycard Applet:
  Installed: true
  Initialized: true
  Key Initialized: true
  InstanceUID: 0x8880055ccd8e9412f39806d393d14552
  Version: 0x0300
  AvailableSlots: 0x03
  Capabilities:
    Secure channel:true
    Key management:true
    Credentials Management:true
    NDEF:true
Cash Applet:
  Installed: true
  Public Data: 0x
  Version: 0x0300

I use this CAP file. As for the ledger, it's the latest version, I believe its this tag.

Nice getting an answer straight from you, @gballet. I'd like to add that I have tried to locally update your library in Geth's go.mod, build and run, with no success.

diff --git a/go.mod b/go.mod
index e669cff88..26cc26445 100644
--- a/go.mod
+++ b/go.mod
@@ -21,8 +21,8 @@ require (
        github.com/fatih/color v1.7.0
        github.com/fjl/gencodec v0.0.0-20220412091415-8bb9e558978c
        github.com/fjl/memsize v0.0.0-20190710130421-bcb5799ab5e5
-       github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff
-       github.com/go-stack/stack v1.8.0
+       github.com/gballet/go-libpcsclite v0.0.0-20191108122812-4678299bea08
+       github.com/go-stack/stack v1.8.1
        github.com/golang-jwt/jwt/v4 v4.3.0
        github.com/golang/protobuf v1.5.2
        github.com/golang/snappy v0.0.4
@@ -50,16 +50,16 @@ require (
        github.com/rjeczalik/notify v0.9.1
        github.com/rs/cors v1.7.0
        github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible
-       github.com/status-im/keycard-go v0.0.0-20190316090335-8537d3370df4
+       github.com/status-im/keycard-go v0.0.0-20211109104530-b0e0482ba91d
        github.com/stretchr/testify v1.7.2
        github.com/supranational/blst v0.3.8-0.20220526154634-513d2456b344
        github.com/syndtr/goleveldb v1.0.1-0.20220614013038-64ee5596c38a
        github.com/tyler-smith/go-bip39 v1.0.1-0.20181017060643-dbb3b84ba2ef
        github.com/urfave/cli/v2 v2.10.2
-       golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
+       golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
        golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028
        golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-       golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a
+       golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b
        golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
        golang.org/x/text v0.3.7
        golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba

willianpaixao avatar Jul 04 '22 09:07 willianpaixao

could you try to update your version to 3.0.2 ? It might be that the latest version that is supported in geth is 2.2.1, so try that as well if 3.0.2 doesn't work.

gballet avatar Jul 04 '22 10:07 gballet

As stated in my previous comment, I already use applet version 3.0.2.

I tried to install version 2.2.1 and get the following error, I believe the card prevents downgrade of the applet.

$ keycard install -f -l debug -a keycard_v2.2.1.cap
ERROR[07-04|14:32:26.892] installing Keycard applet failed         package=status-go/cmd/keycard  error="scard: Transaction failed."
ERROR[07-04|14:32:26.892] error executing command                  package=status-go/cmd/keycard  command=install error="scard: Transaction failed."

willianpaixao avatar Jul 04 '22 12:07 willianpaixao

@gballet @holiman After building the master branch, I can confirm this bug has been fix. This issue can now be closed.

willianpaixao avatar Nov 08 '22 21:11 willianpaixao

closing, thanks for reporting

MariusVanDerWijden avatar Jan 02 '23 12:01 MariusVanDerWijden