On Sat, 27 Nov 2004, David Corcoran wrote:
Date: Sat, 27 Nov 2004 08:49:24 -0500
From: David Corcoran <[EMAIL PROTECTED]>
Reply-To: MUSCLE <[EMAIL PROTECTED]>
To: MUSCLE <[EMAIL PROTECTED]>
Subject: Re: [Muscle] pkcs11: Strange code, what does it mean?
Hi,
This has kind of been a debate for some time, whether information about private objects should be released without authentication. Again, I believe this to be a previous Netscape / Mozilla issue because it needed to do a C_ListObjects and see what existed on the card - if it found a cert but not a matching private key I think it failed to continue. Of course it could not do anything with the private objects until it verified a chv.
We welcome any changes / fixes you might have.....
I have the fix. The problem is simple: Mozilla reads objects before verifying a pin (why it does it - I don't know). Then it verifies the PIN and reads objects again. However, the muscle PKCS11 module caches the objects from before the verification and reuses them after verification. In the case of unreadable objects: objects are missing.
Simple solution: Use the already existing code to have the list of objects updated after a verification.
Patch attached.
I did the following: I added a flags member to the P11_Slot struct and I set a flag indicating to reread objects at slot state-change time (a state change happens upon verification).
The next time FindObjectsInit gets called, the list of objects and keys gets updated - voila - Mozilla is happy (me too).
I will send another patch to the Muscle applet shortly, that changes the list objects and list keys commands to not list objects/keys the user does not have access to. The patch to the PKCS11 module and the patched applet work together beautifully.
But now: patch follows:
peter
diff -ur muscleframework-1.1.5-org/libmusclepkcs11/include/cryptoki.h
muscleframework-1.1.5/libmusclepkcs11/include/cryptoki.h
--- muscleframework-1.1.5-org/libmusclepkcs11/include/cryptoki.h Fri Aug
29 16:18:04 2003
+++ muscleframework-1.1.5/libmusclepkcs11/include/cryptoki.h Sun Nov 28
09:21:34 2004
@@ -200,10 +200,13 @@
P11_Object *objects; /* List of objects */
P11_MechInfo *mechanisms; /* List of mechanisms */
P11_Pin pins[2]; /* Array of cached PIN's */
+ CK_FLAGS flags; /* Some information bits (see below) */
MSCStatusInfo status_info; /* Status of token */
MSCTokenConnection conn; /* Connection to token */
} P11_Slot;+#define P11_SLOT_REREAD_OBJECTS 1
+
/* A session with one slot. */
typedef struct _P11_Session
{
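Review bot: the new `flags` member is never initialised anywhere in this patch. The later hunks only OR the bit in and clear it, so unless every P11_Slot is zeroed when it is set up, the test in FindObjectsInit reads an indeterminate value; set `flags = 0` where slots are initialised, or confirm that the allocation zeroes the struct. The member comment also says "see below", so the `#define P11_SLOT_REREAD_OBJECTS 1` line wants a one-line comment saying who sets the bit and who clears it.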
diff -ur muscleframework-1.1.5-org/libmusclepkcs11/src/p11_object.c
muscleframework-1.1.5/libmusclepkcs11/src/p11_object.c
--- muscleframework-1.1.5-org/libmusclepkcs11/src/p11_object.c Fri Nov 26
15:52:54 2004
+++ muscleframework-1.1.5/libmusclepkcs11/src/p11_object.c Sun Nov 28
09:34:19 2004
@@ -536,8 +539,11 @@
}
}- if (st.prefs.multi_app || !slot->objects)
+ if (st.prefs.multi_app || !slot->objects || + (slot->flags & P11_SLOT_REREAD_OBJECTS))
{
+ slot->flags &= ~P11_SLOT_REREAD_OBJECTS;
+
if (!CKR_ERROR(rv = slot_BeginTransaction(session->session.slotID)))
{
msc_rv = msc_ListKeys(&slot->conn, MSC_SEQUENCE_RESET, &keyInfo);
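Review bot: `slot->flags &= ~P11_SLOT_REREAD_OBJECTS;` clears the flag before `slot_BeginTransaction` and `msc_ListKeys` have succeeded. If either fails while `slot->objects` is still set, the next call skips the reread and keeps serving the list cached under the previous authentication state. Clear the flag only after the object and key lists have been rebuilt successfully.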
diff -ur muscleframework-1.1.5-org/libmusclepkcs11/src/p11x_object.c muscleframework-1.1.5/libmusclepkcs11/src/p11x_object.c
--- muscleframework-1.1.5-org/libmusclepkcs11/src/p11x_object.c Fri Nov 28 10:47:13 2003
+++ muscleframework-1.1.5/libmusclepkcs11/src/p11x_object.c Sun Nov 28 09:29:43 2004
@@ -1453,12 +1453,10 @@
ck_attrib.pValue = &priv;
ck_attrib.ulValueLen = sizeof(priv);
-/*
if (object_MatchAttrib(&ck_attrib, object))
objACL.readPermission =
(MSCUShort16)object_MapPIN(st.prefs.user_pin_num);
else
-*/
- objACL.readPermission = MSC_AUT_ALL;
+ objACL.readPermission = MSC_AUT_ALL; objACL.writePermission =
(MSCUShort16)object_MapPIN(st.prefs.user_pin_num);
objACL.deletePermission =
(MSCUShort16)object_MapPIN(st.prefs.user_pin_num);
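Review bot: removing the `/*` and `*/` here re-enables the CKA_PRIVATE check, so read access to private objects now maps to the user PIN, but the description of the patch mentions only the new flag. Please state this in the description, since it changes the read ACL assigned to objects, and brace the `if`/`else` so the `else` visibly covers just the `MSC_AUT_ALL` assignment and not the `writePermission` line that follows it.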
diff -ur muscleframework-1.1.5-org/libmusclepkcs11/src/p11x_slot.c
muscleframework-1.1.5/libmusclepkcs11/src/p11x_slot.c
--- muscleframework-1.1.5-org/libmusclepkcs11/src/p11x_slot.c Sat Oct 4
10:30:18 2003
+++ muscleframework-1.1.5/libmusclepkcs11/src/p11x_slot.c Sun Nov 28
09:40:09 2004
@@ -931,6 +931,8 @@
else
{
st.slots[slotID - 1].pin_state = 0; /* Fixme: create #define for this
*/
+ /* mark the slot to update its objects and keys */
+ st.slots[slotID - 1].flags |= P11_SLOT_REREAD_OBJECTS; session_l = st.sessions;
while (session_l)
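Review bot: in the branch that sets `pin_state = 0`, the flag only defers the refresh, so the object list cached while the PIN was verified stays in the slot until something calls FindObjectsInit again. If `pin_state = 0` is the logged-out state, consider dropping the cached objects and keys right here rather than marking them for a later reread, so nothing can use the old list in between.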
@@ -984,6 +986,8 @@
else
{
st.slots[slotID - 1].pin_state = 1; /* Fixme: create #define for this
*/
+ /* mark the slot to update its objects and keys */
+ st.slots[slotID - 1].flags |= P11_SLOT_REREAD_OBJECTS; session_l = st.sessions;
while (session_l)
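Review bot: the comment and the `flags |= P11_SLOT_REREAD_OBJECTS` line are now duplicated verbatim in both state-change branches of this file, next to `pin_state` values that already carry a Fixme about missing #defines. A small helper that sets `pin_state` and marks the slot for reread would keep the two in step and give any later state-change path one place to call.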
Thanks, Dave
On Nov 27, 2004, at 3:13 AM, Peter Stamfest wrote:
David,
On Fri, 26 Nov 2004, David Corcoran wrote:
Date: Fri, 26 Nov 2004 16:28:24 -0500
From: David Corcoran <[EMAIL PROTECTED]>
Reply-To: MUSCLE <[EMAIL PROTECTED]>
To: MUSCLE <[EMAIL PROTECTED]>
Subject: Re: [Muscle] pkcs11: Strange code, what does it mean?
Hi Peter,
Earlier versions of Netscape and Mozilla had some bugs where it asked for some attributes in little endian format when it was supposed to ask for them in big endian format. This is left over from that. It can probably be removed assuming these are fixed .....
Thanks for the answer, another question follows:
Why was the check for CKA_PRIVATE being true commented out in this code snippet in p11x_object? It leads to the situation that, e.g., private key attributes can be read without being logged into the applet.
(around line 1455):
    priv = 0x01;
    ck_attrib.type = CKA_PRIVATE;
    ck_attrib.pValue = &priv;
    ck_attrib.ulValueLen = sizeof(priv);
    /*
    if (object_MatchAttrib(&ck_attrib, object))
        objACL.readPermission = (MSCUShort16)object_MapPIN(st.prefs.user_pin_num);
    else
    */
        objACL.readPermission = MSC_AUT_ALL;
It might be the case that some other code has to be fixed to make this work again, but that's the better alternative.
The CVS log does not say why this was done.
My question also partly relates to the question asked (but left unanswered) here:
http://archives.neohapsis.com/archives/dev/muscle/2003-q1/0163.html
I am very interested in an answer to those comments.
Currently, I have my doubts that the musclecard applet and its pkcs11 module can be used seriously. The applet misses some functionality (e.g. deleting keys, the list keys and list objects commands give out information about keys and objects without prior authentication), and (sorry) the code quality of the PKCS11 module is questionable.
I am willing to contribute to fix those shortcomings (if others perceive them the same) as far as my (very limited) time permits.
OTOH, I may be wrong completely and have misconceptions about the topic, which might be the more likely alternative anyway. ;-)
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
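The caching problem described in the reply above (objects listed before PIN verification are reused after it) and the reread-flag fix, as a small C model added here for illustration; it is not code from the muscleframework patch. The `struct slot`, the three-object token and all function names are constructed assumptions.

```c
#include <stdio.h>
#define SLOT_REREAD_OBJECTS 1u   /* same role as the flag in the patch */
#define TOKEN_COUNT 3
/* Constructed stand-in for the card (cert, key, CA cert): 1 = private. */
static const int TOKEN_PRIVATE[TOKEN_COUNT] = { 0, 1, 0 };

struct slot {                    /* hypothetical model, not the real P11_Slot */
    int cache[TOKEN_COUNT];      /* indices of the cached objects */
    int count, logged_in;
    int have_cache;              /* stands in for slot->objects != NULL */
    unsigned flags;
};

/* Token-side listing: private objects are returned only after login. */
static int token_list(int logged_in, int *out) {
    int n = 0;
    for (int i = 0; i < TOKEN_COUNT; i++)
        if (!TOKEN_PRIVATE[i] || logged_in) out[n++] = i;
    return n;
}

/* Login or logout; with use_flag the cached list is marked stale. */
static void set_login(struct slot *s, int logged_in, int use_flag) {
    s->logged_in = logged_in;
    if (use_flag) s->flags |= SLOT_REREAD_OBJECTS;
}

/* Model of FindObjectsInit: reread if nothing is cached or the list is stale. */
static int find_objects_init(struct slot *s) {
    if (!s->have_cache || (s->flags & SLOT_REREAD_OBJECTS)) {
        s->count = token_list(s->logged_in, s->cache);
        s->have_cache = 1;
        s->flags &= ~SLOT_REREAD_OBJECTS;   /* cleared once the reread is done */
    }
    return s->count;
}

/* Object counts seen before login, after login and after logout, as digits. */
static int run_sequence(int use_flag) {
    struct slot s = {0};
    int before = find_objects_init(&s);
    set_login(&s, 1, use_flag);
    int during = find_objects_init(&s);
    set_login(&s, 0, use_flag);
    return before * 100 + during * 10 + find_objects_init(&s);
}

int main(void) {
    printf("no flag: %d, with flag: %d\n", run_sequence(0), run_sequence(1));
    return 0;
}
```

Without the flag the private key never appears after login because the pre-login list is reused; with it, the list grows on login and shrinks again on logout.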
