Re: [Opencryptoki-tech] [PATCH 1/2] Return default public exponent if not stored and/or returned by the TPM token device

Fri, 14 Jan 2011 08:50:36 -0800 

Diego Elio Pettenò <[email protected]> wrote:


> @@ -120,6 +123,7 @@ CK_ULONG  usage_count = 0; // variable for number of 
> times the DLL has been used
> 
>  CK_C_INITIALIZE_ARGS cinit_args = { NULL, NULL, NULL, NULL, 0, NULL };
> 
> +CK_BYTE pub_exp[] = { 0x1, 0x0, 0x1 }; // 65537

I don't get this patch.

Is there an actually valid scenario where the public exponent is simply
not stored or not returned by the TPM device? Is 0x010001 the default
exponent to be considered in those cases per the TPM spec?

On Fri, 14 Jan 2011 01:17:55 +0100
>  extern void stlogterm();
>  extern void stloginit();
> @@ -1926,11 +1930,34 @@ CK_RV SC_GetAttributeValue( ST_SESSION_HANDLE  
> sSession,
>        goto done;
>     }
> 
> +   for (i=0; i<ulCount; i++) {
> +      if (pTemplate[i].type == CKA_PUBLIC_EXPONENT) {
> +         // 'object_mgr_get_attribute_values' requires the buffer to be
> +         // of the right size, otherwise it will fail with a too generic
> +         // error code. if buffer is too small, return to the caller
> +         // failure with more appropriate (specific) error code.
> +         if (pTemplate[i].ulValueLen < sizeof(pub_exp)) {
> +            rc = CKR_BUFFER_TOO_SMALL;
> +            goto done;
> +         }
> +      }
> +   }

I'm not following that. From quick inspection to the
object_get_attribute_values() function in
usr/lib/pkcs11/common/object.c, looks like it is following the spec, returning
CKR_BUFFER_TOO_SMALL and more important: continuing processing for the
other template attributes (which your code is not).

Can you be more specific to what issue you're seeing here?


 -Klaus


-- 
Klaus Heinrich Kiwi | [email protected] | http://blog.klauskiwi.com
Open Source Security blog :     http://www.ratliff.net/blog
IBM Linux Technology Center :   http://www.ibm.com/linux/ltc

------------------------------------------------------------------------------
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech

Reply via email to