Hello,
I am implementing a PKCS#11 module. I would like to implement
authentication on my device (using a pin-pad) everytime a signature is
requested from it. The idea is that on C_SignInit, I ask the user for
the PIN and if the PIN is incorrect (or user has cancelled for whatever
reason), it should return CKR_FUNCTION_CANCELED.
Now I am facing a problem with Thunderbird. I choose to compose a new
message and let it be signed (of course, I provide an invalid PIN to my
device deliberately). The first time Thunderbird just pops up an error
message that it was unable to sign - and that is fine. However, when I
try to send the message again (and it is going to get signed again),
Thunderbird crashes/acts in a weird way. Sometimes it wants to send a
bug report to Mozilla, but most of the time it ends up with a C++
runtime error and an empty little window behind the error message
(screenshot 2). Sometimes it hangs on "Creating mail message..." (with
the progress bar moving) and a little empty window behind it (screenshot 1).
Screenshot 1: http://img6.glowfoto.com/images/2010/12/10-0954327898L.png
Screenshot 2: http://img4.glowfoto.com/images/2010/12/10-1150202661L.png
I have eliminated bugs on my side by returning CKR_FUNCTION_CANCELED
straight from my DLL module as follows:
CK_RV CK_ENTRY C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR
pMechanism, CK_OBJECT_HANDLE hKey)
{
return CKR_FUNCTION_CANCELED;
}
In my pkcs11spy-log everything looks normal (as when it's working):
88: C_OpenSession
[in] slotID = 0x0
[in] flags = 0x4
pApplication=065F4000
Notify=6004A378
[out] *phSession = 0x2
Returned: 0 CKR_OK
89: C_SignInit
[in] hSession = 0x2
pMechanism->type=CKM_RSA_PKCS
[in] hKey = 0x2
Returned: 84 CKR_FUNCTION_NOT_SUPPORTED
90: C_CloseSession
[in] hSession = 0x2
Returned: 0 CKR_OK
Before this, I tried to do the same in C_Sign (not C_SignInit) but it
crashed as well. I thought that I did it wrong and it should be right in
C_SignInit but it seems I was wrong again.
Looks like a bug in Thunderbird to me, but if anyone has any ideas on
how to circumvent it (or maybe I am doing a mistake somewhere), please
let me know. Thanks in advance.
M. Kurpel
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto