G'day,

David Corcoran wrote:
I think you added that code in the wrong spot. The function you added it to is an internal function which deletes memory. This is likely why you are seeing the strange behavior. Take that same code and add it to p11_object.c in C_DestroyObject. This is where you want to put that ....

Further details on the proposed patch for destroying PKCS#11 objects.

I've attached two patches: one that modifies the function object_FreeObject in p11x_object.c, and one that modifies the C_DestroyObject function in p11_object.c. Both are fundamentally similar, and C_DestroyObject calls object_FreeObject anyway, so I'm not sure that I can see a reason why one would fail and the other would succeed. But the p11x_object.c patch succeeds in destroying PKCS#11 objects, while the p11_object.c patch fails.

Starting with an empty card (as confirmed by muscleTool), I ran my object deletion test on the original code base, which failed:


## Loading module: /usr/local/lib/libmusclepkcs11.so ...ok
## Opening session for slot = 01 ... ok
## Performing login with PIN '00000000' .... ok
## Creating data object ... ok (handle = 0x804C290)
## Deleting object 0x804C290 ... ok
## Searching for data object ... ok (object=0x804C290)
Error: data object was not deleted

Using muscleTool, it can be seen that the PKCS#11 object is still present:

muscle [MuscleCard Applet] > list
           Object ID  Object Size     READ   WRITE   DELETE
   -----------------  -----------    ------  ------  ------
                  o0          512    ALWAYS  PIN #1  PIN #1
                  O0            4    PIN #1  PIN #1  PIN #1


Next I used muscleTool to delete the objects from the card, applied the p11x_object patch, and ran my object deletion test:

## Loading module: /usr/local/lib/libmusclepkcs11.so ...ok
## Opening session for slot = 01 ... ok
## Performing login with PIN '00000000' .... ok
## Creating data object ... ok (handle = 0x804C290)
## Deleting object 0x804C290 ... *** Deleting object with ID 'O0' ... ok
*** Deleting object with ID 'o0' ... ok
ok
## Searching for data object ... ok (no objects found)
Test successful
## Finalizing ... ok

This has succeeded, and the debug log and muscleTool output also confirm that the created data object has been deleted:

26/05 07:30:20 +C_DestroyObject : start
26/05 07:30:20 Object handle: 804C290
26/05 07:30:20 Removing object: 804C290
26/05 07:30:21 Removing attribute: 804C640
26/05 07:30:21 Removing attribute: 804C610
26/05 07:30:21 Removing attribute: 804C5F0
26/05 07:30:21 Removing attribute: 804C5C0
26/05 07:30:21 Removing attribute: 804C590
26/05 07:30:21 Removing attribute: 804C550
26/05 07:30:21 Removing attribute: 804C508
26/05 07:30:21  -C_DestroyObject : end RV(0x0)

muscle [MuscleCard Applet] > list
           Object ID  Object Size     READ   WRITE   DELETE
   -----------------  -----------    ------  ------  ------
   ERR: ListObjects Failed (0x9C12 End of sequence)


I ran this test a number of times, without error.

Next I reversed the p11x_object.c patch, applied the p11_object.c patch, and ran the object deletion test:

$ ./p11-delete-data-object-test --module /usr/local/lib/libmusclepkcs11.so --slot 1 --pin 00000000
## Loading module: /usr/local/lib/libmusclepkcs11.so ...ok
## Opening session for slot = 01 ... ok
## Performing login with PIN '00000000' .... ok
## Creating data object ... ok (handle = 0x804C290)
## Deleting object 0x804C290 ... *** Deleting object with ID 'O0' ... failed
*** Deleting object with ID 'o0' ... failed
ok
## Searching for data object ... ok (object=0x804CFD8)
Error: data object was not deleted

It can be seen that the msc_FreeObject call now fails if it is moved from object_FreeObject to C_DestroyObject. This is confirmed by the debug log:

26/05 07:39:02 +C_DestroyObject : start
26/05 07:39:02 Object handle: 804C290
26/05 07:39:02 (p11_object.c 286): error: 0x9C05 "Feature unsupported"
26/05 07:39:02 (p11_object.c 297): error: 0x9C05 "Feature unsupported"
26/05 07:39:02 Removing object: 804C290
26/05 07:39:02 Removing attribute: 804C640
26/05 07:39:02 Removing attribute: 804C610
26/05 07:39:02 Removing attribute: 804C5F0
26/05 07:39:02 Removing attribute: 804C5C0
26/05 07:39:02 Removing attribute: 804C590
26/05 07:39:02 Removing attribute: 804C550
26/05 07:39:02 Removing attribute: 804C508
26/05 07:39:02  -C_DestroyObject : end RV(0x0)

and by muscleTool:

muscle [MuscleCard Applet] > list
           Object ID  Object Size     READ   WRITE   DELETE
   -----------------  -----------    ------  ------  ------
                  o0          512    ALWAYS  PIN #1  PIN #1
                  O0            4    PIN #1  PIN #1  PIN #1


Now I don't know why calling msc_FreeObject in C_DestroyObject fails with "Feature unsupported", but works when called from object_FreeObject. It's probably got something to do with the list handling in object_FreeObject.

PS: both patches include printf statements, as I got seg faults when calling the log functions. If either patch is to be entered into CVS, then the printfs should be removed, and replaced with log calls (that hopefully do not seg fault).

-- Geoff
--- src/p11_object.c    2003-10-04 18:30:18.000000000 +1000
+++ src/p11_object.c    2005-05-26 07:55:33.000000000 +1000
@@ -235,6 +235,7 @@
 {
     CK_RV rv = CKR_OK;
     P11_Session *session; // = (P11_Session *)hSession;
+    P11_Object *object;
 
     P11_LOG_START("C_DestroyObject");
 
@@ -247,6 +248,50 @@
     }
 
     log_Log(LOG_LOW, "Object handle: %lX", hObject);
+
+    object = (P11_Object *) hObject;
+    if (object->msc_obj)
+    {
+            char obj_id[MSC_MAXSIZE_OBJID];
+            P11_Slot *slot = &st.slots[session->session.slotID];
+
+            /*
+             * The PKCS#11 object is stored under two MSC object IDs. The
+             * first MSC object contains the value of the CKA_VALUE attribute,
+             * and has an ID such as "O0". The second MSC object contains the
+             * values of the remaining PKCS#11 data object attributes (such
+             * as CKA_APPLICATION, CKA_LABEL, etc) and has an ID such as
+             * "o0" (that is, the ID of the first object, with the initial
+             * letter converted to lower case).
+             */
+
+            /* Get a copy of the object ID */
+            strncpy((char *) obj_id, object->msc_obj->objectID,
+                    sizeof (obj_id));
+
+            /* Delete the first MSC object (ie, the CKA_VALUE) */
+            /* TODO check for error code? */
+            printf ("*** Deleting object with ID '%s' ... ", (char *) obj_id);
+            if (MSC_ERROR(msc_DeleteObject(&slot->conn, (char *) obj_id, 0))) {
+                printf ("failed\n");
+            }
+            else {
+                printf ("ok\n");
+            }
+
+            /* Delete the second MSC object (ie, the other attributes) */
+            obj_id[0] = tolower(obj_id[0]);
+            /* TODO check for error code? */
+            printf ("*** Deleting object with ID '%s' ... ", (char *) obj_id);
+            if (MSC_ERROR(msc_DeleteObject(&slot->conn, (char *) obj_id, 0))) {
+                printf ("failed\n");
+            }
+            else {
+                printf ("ok\n");
+            }
+
+    }
+
     object_FreeObject(session->session.slotID, (P11_Object *)hObject);
 
 finish:
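Review bot: the msc_DeleteObject failures in this hunk are only reported by printf and never change rv, so C_DestroyObject still returns CKR_OK (the debug log above shows `RV(0x0)` right after the two 0x9C05 errors) and the caller believes the object is gone while both MSC objects are still on the card. Instead of leaving the two `/* TODO check for error code? */` comments, record the failure, e.g. `rv = CKR_FUNCTION_FAILED; goto finish;`, or at the very least log it with log_Log and set rv before falling through to object_FreeObject. Two smaller points in the same block: `strncpy(..., sizeof (obj_id))` does not NUL-terminate obj_id when objectID fills the buffer, so add `obj_id[sizeof obj_id - 1] = '\0';` after the copy, and `tolower(obj_id[0])` should be `tolower((unsigned char) obj_id[0])` (the hunk also does not show `<ctype.h>` being included). Since `object` is now assigned from hObject, the existing `object_FreeObject(session->session.slotID, (P11_Object *)hObject);` call could pass `object` rather than casting a second time.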
--- src/p11x_object.c   2003-11-28 19:47:13.000000000 +1000
+++ src/p11x_object.c   2005-05-26 08:01:30.000000000 +1000
@@ -80,7 +80,47 @@
             st.slots[slotID].objects = 0x00;
 
         if (object->msc_obj)
+        {
+            char obj_id[MSC_MAXSIZE_OBJID];
+            P11_Slot *slot = &st.slots[slotID];
+
+            /*
+             * The PKCS#11 object is stored under two MSC object IDs. The
+             * first MSC object contains the value of the CKA_VALUE attribute,
+             * and has an ID such as "O0". The second MSC object contains the
+             * values of the remaining PKCS#11 data object attributes (such
+             * as CKA_APPLICATION, CKA_LABEL, etc) and has an ID such as
+             * "o0" (that is, the ID of the first object, with the initial
+             * letter converted to lower case). 
+             */
+  
+            /* Get a copy of the object ID */
+            strncpy((char *) obj_id, object->msc_obj->objectID,
+                    sizeof (obj_id));
+
+            /* Delete the first MSC object (ie, the CKA_VALUE) */
+            /* TODO check for error code? */
+            printf ("*** Deleting object with ID '%s' ... ", (char *) obj_id);
+            if (MSC_ERROR(msc_DeleteObject(&slot->conn, (char *) obj_id, 0))) {
+                printf ("failed\n");
+            }
+            else {
+                printf ("ok\n");
+            }
+
+            /* Delete the second MSC object (ie, the other attributes) */
+            obj_id[0] = tolower(obj_id[0]);
+            /* TODO check for error code? */
+            printf ("*** Deleting object with ID '%s' ... ", (char *) obj_id);
+            if (MSC_ERROR(msc_DeleteObject(&slot->conn, (char *) obj_id, 0))) {
+                printf ("failed\n");
+            }
+            else {
+                printf ("ok\n");
+            }
+
             free(object->msc_obj);
+        }
 
         if (object->msc_key)
             free(object->msc_key);
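Review bot: placing the msc_DeleteObject calls inside object_FreeObject ties deletion on the card to releasing the in-memory object; as the quoted reply notes, this is an internal memory-freeing routine, so any other caller that only wants to tear down the object list would now also erase the objects from the card. If this location is kept, the card deletion needs a guard (a flag on the object, or a separate routine that calls msc_DeleteObject and then object_FreeObject, with C_DestroyObject calling that routine). The same defects as in the p11_object.c hunk apply here: the return code of msc_DeleteObject is discarded (the `/* TODO check for error code? */` comments remain) and object_FreeObject has no way to report the failure back to C_DestroyObject; `strncpy` with `sizeof (obj_id)` can leave obj_id unterminated; and `tolower(obj_id[0])` needs an `(unsigned char)` cast. The trailing whitespace on the comment line ending `lower case). ` and on the blank `+` line after it should also be removed.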
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle