[Muscle] CAC, musclepkcs11, and session closing.

Fri, 07 Jul 2006 13:09:12 -0700

I've patched & rebuilt musclecardframework-1.1.5 from Debian and patched the commonAccessCard bundle library (pulled from darwinsource 10.4.6) as described at https://airborne.nrl.navy.mil/PKI/. 

pcsc_scan, bundleTool and muscleTool are all fine.
I've got libmusclepkcs11 added to Firefox 1.5.0.4 and it works fine; I can client auth to websites without a problem.
pam_muscle works fine. However, I'd prefer pam_pkcs11 as it does certificate validation. But with pam_pkcs11 and Geoff Elgey's session pkcs11 tester I snagged from this list's archives, I'm seeing a segfault when the session is closed. I'm also seeing a similar problem with a colleague's java code-signing utility; an exception is invariably thrown when the session is closed.
This is happening with all the CAC cardstock I have access to, but I've not been able to test with non-CAC tokens. 

The PKCS11.log follows.

Can anyone offer any insight?  Is there a further patch I'm missing?

-- Tim

07/07 14:24:09 +C_GetFunctionList : start
07/07 14:24:09  -C_GetFunctionList : end RV(0x0)
07/07 14:24:09 +C_Initialize : start
07/07 14:24:09 Using non-native (application supplied) thread locks
07/07 14:24:09 Application does not allow thread creation; disabling threaded slot watcher 
07/07 14:24:09 All threading disabled
07/07 14:24:09 Added reader: SCM SCR 331 00 00
07/07 14:24:09 Active session list:
07/07 14:24:09 Slot 1 changed
07/07 14:24:09 Attempting establish
07/07 14:24:09 Establish connection
07/07 14:24:09 Begin transaction: 1,            rv=0
07/07 14:24:09 Token: Common Access Card
07/07 14:24:09 Card supports RSA
07/07 14:24:09 Card supports RSA NOPAD
07/07 14:24:09 End transaction: 1,              rv=0
07/07 14:24:09 (p11_general.c 115): error: 0x32 "CKR_DEVICE_REMOVED"
07/07 14:24:09  -C_Initialize : end RV(0x0)
07/07 14:24:09 +C_OpenSession : start
07/07 14:24:09 Active session list:
07/07 14:24:09 Attempting establish
07/07 14:24:09 New session handle: 1
07/07 14:24:09  -C_OpenSession : end RV(0x0)
07/07 14:24:09 +C_Login : start
07/07 14:24:09 Active session list:
07/07 14:24:09 Session ID: 804AE28
07/07 14:24:09 Attempting establish
07/07 14:24:09 Begin transaction: 1,            rv=0
07/07 14:24:09 Verifying USER PIN
07/07 14:24:16 End transaction: 1,              rv=0
07/07 14:24:16  -C_Login : end RV(0x0)
07/07 14:24:16 +C_Logout : start
07/07 14:24:16 Active session list:
07/07 14:24:16 Session ID: 804AE28
07/07 14:24:16 Attempting establish
07/07 14:24:16 Begin transaction: 1,            rv=0
07/07 14:24:16 (p11_session.c 376): error: 0x9C05 "Feature unsupported"
07/07 14:24:16 End transaction: 1,              rv=0
07/07 14:24:16  -C_Logout : end RV(0x0)
07/07 14:24:16 +C_CloseSession : start
07/07 14:24:16 Active session list:
07/07 14:24:16 Session ID: 804AE28
07/07 14:24:16 Slot 1 changed
07/07 14:24:16 Removing session: 1
07/07 14:24:16 Releasing connection (slot_DisconnectSlot)
07/07 14:24:17 (p11x_slot.c 241): error: 0x9C59 "Handle is invalid"
07/07 14:24:17 Attempting establish
07/07 14:24:17 Establish connection
07/07 14:24:17 (p11x_slot.c 148): error: 0x9C59 "Handle is invalid"
07/07 14:24:17 MSCEstablishConnection failed
07/07 14:24:17 (p11x_slot.c 33): error: 0x6 "CKR_FUNCTION_FAILED"
07/07 14:24:17 Begin transaction: 1,            rv=6
07/07 14:24:17 (p11x_slot.c 1112): error: 0x6 "CKR_FUNCTION_FAILED"
07/07 14:24:17 Removing session: 0

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle

Reply via email to