On Feb 23, 2010, at 12:32 AM, Nick Sayer wrote:

> Well, if I turn on the tracing in libmusclepkcs11, what I see is that when 
> attempting to fetch the 0x103 (sensitive) and 0x162 (exportable) attributes 
> on the key, the error is being returned. The JCE PKCS11 provider is 
> attempting to use those attributes to determine whether or not the key is 
> available to be returned, or, instead, it should use a shim object to wrap 
> the key ID (which is going to be the case for an RSA private key).
> 
> It gets back the ATTRIBUTE_TYPE_INVALID and vomits.
> 
> I have spent the entire evening trying to write a bogus workaround that 
> detects this situation and instead returns a boolean TRUE for 103 and FALSE 
> for 162, only to wind up being hopelessly bogged down in trying to figure out 
> how to make up the return type.
> 
> Meanwhile, I wonder to myself why the applet wouldn't have those attributes 
> set that way for a private key.
> 

Well, I did manage to figure it out. If pTemplate[i].ulValueLength is 0, then 
it's apparently a "probe" to see how much space is necessary, so in my error 
detector, I set that length to 1 and if pTemplate[i].pValue is non-null, I copy 
in a 1 for 0x103 and a 0 for 0x162.

That got me further. Now jarsigner says CKR_FUNCTION_NOT_SUPPORTED.

The tail end of the log:

23/02 00:50:06 +C_SignInit : start
23/02 00:50:06 Active session list:
23/02 00:50:06 Session ID: 28CFE060
23/02 00:50:06 Session ID: 28CFE0B0
23/02 00:50:06 Sign object handle: 0x28DC4260
23/02 00:50:06  -C_SignInit : end RV(0x0)
23/02 00:50:06 +C_SignUpdate : start
23/02 00:50:06 Function not supported
23/02 00:50:06 (p11x_log.c 51): error: 0x54 "CKR_FUNCTION_NOT_SUPPORTED"
23/02 00:50:06  -C_SignUpdate : end RV(0x54)

And, sure enough,

    P11_LOG_START("C_SignUpdate");

    thread_MutexLock(st.async_lock);

    rv = CKR_FUNCTION_NOT_SUPPORTED;
    log_Log(LOG_MED, "Function not supported");

    thread_MutexUnlock(st.async_lock);

    P11_LOG_END("C_SignUpdate");


sigh.


_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
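
Added example (not from the original message or from libmusclepkcs11): a sketch of a fallback that answers 0x103 (CKA_SENSITIVE) and 0x162 (CKA_EXTRACTABLE) for a private key, following the PKCS#11 C_GetAttributeValue convention in which a NULL pValue is the length query. The typedefs are stand-ins for pkcs11.h, and fallback_private_key_attrs and fetch_bool are hypothetical names.

```c
#include <stddef.h>
#include <string.h>
/* Minimal stand-ins for pkcs11.h types and constants (values per the PKCS#11 spec). */
typedef unsigned long CK_ULONG, CK_RV, CK_ATTRIBUTE_TYPE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK                     0x000UL
#define CKR_ATTRIBUTE_TYPE_INVALID 0x012UL
#define CKR_BUFFER_TOO_SMALL       0x150UL
#define CKA_SENSITIVE              0x103UL
#define CKA_EXTRACTABLE            0x162UL
#define CK_UNAVAILABLE_INFORMATION (~0UL)

/* Hypothetical fallback: serve the two booleans a token did not report for a private key. */
CK_RV fallback_private_key_attrs(CK_ATTRIBUTE *tmpl, CK_ULONG count)
{
    CK_RV rv = CKR_OK;
    for (CK_ULONG i = 0; i < count; i++) {
        CK_BBOOL value;
        if (tmpl[i].type == CKA_SENSITIVE)        value = 1; /* CK_TRUE  */
        else if (tmpl[i].type == CKA_EXTRACTABLE) value = 0; /* CK_FALSE */
        else {                                    /* not an attribute we can answer */
            tmpl[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
            rv = CKR_ATTRIBUTE_TYPE_INVALID;
            continue;
        }
        if (tmpl[i].pValue == NULL) {             /* length query: report size only */
            tmpl[i].ulValueLen = sizeof(CK_BBOOL);
        } else if (tmpl[i].ulValueLen >= sizeof(CK_BBOOL)) {
            memcpy(tmpl[i].pValue, &value, sizeof(CK_BBOOL));
            tmpl[i].ulValueLen = sizeof(CK_BBOOL);
        } else {                                  /* buffer supplied but too short */
            tmpl[i].ulValueLen = CK_UNAVAILABLE_INFORMATION;
            rv = CKR_BUFFER_TOO_SMALL;
        }
    }
    return rv;
}

/* Caller side: length query first, then the fetch. Returns the value, or -1 on error. */
int fetch_bool(CK_ATTRIBUTE_TYPE type)
{
    CK_BBOOL out = 0xFF;
    CK_ATTRIBUTE a = { type, NULL, 0 };
    if (fallback_private_key_attrs(&a, 1) != CKR_OK || a.ulValueLen != sizeof out)
        return -1;
    a.pValue = &out;
    return fallback_private_key_attrs(&a, 1) == CKR_OK ? out : -1;
}
```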
