Improve error logging in pkcs11 verification

The error logging in the PKCS11 VerifyASN1 method has been enhanced. Now it includes details such as the hash, the signature, and the EC Public Key when the verification fails.
arkavo-org · May 12, 2024 · 59afc6e · 59afc6e
1 parent f45c491
commit 59afc6e
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/service/internal/security/hsm.go b/service/internal/security/hsm.go
@@ -6,6 +6,7 @@ import (
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
+	"encoding/hex"
 	"encoding/json"
 	"encoding/pem"
 	"errors"
@@ -512,7 +513,10 @@ func (h *HSMSession) LoadECKey(info KeyInfo) (*ECKeyPair, error) {
 	}
 	valid := ecdsa.VerifyASN1(ecPublicKey, hash[:], sig)
 	if !valid {
-		slog.Error("pkcs11 VerifyASN1", "err", err)
+		slog.Error("pkcs11 VerifyASN1 failed",
+			"hash", hex.EncodeToString(hash[:]),
+			"sig", sig,
+			"ecPublicKey", ecPublicKey)
 		return nil, err
 	}
 	return &pair, nil