Hi all,

Using the command "pkcs11-tool -O -l" to list all objects on a smart card, I get some errors on some public key objects:

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv =
CKR_ATTRIBUTE_TYPE_INVALID (0x12)

However, I have realized that there are duplicated public key objects corresponding to the same public key. This occurs because when create_tokens is called, OpenSC creates a pkcs11 object for any object listed in the pkcs#15 structure. So, on the __pkcs15_create_pubkey_object call, the public key objects listed in the pkcs15 structure are created. And, on the __pkcs15_create_cert_object call, a public key object is created for any certificate listed in the pkcs15 structure, without checking whether a public key object with the same ID already exists.

I think that this behaviour is reasonable if there is no public key created for its respective certificate, but it creates another object for the same public key. So whenever I use the above command, OpenSC shows errors retrieving info on the objects created from the pkcs15 structure, the first ones. And the info of the ones created from the respective cert objects is shown correctly.

I suggest a solution and I attach a patch which I've tested and which solved the problem:

Whenever a certificate pkcs11 object is being created using __pkcs15_create_cert_object, it also creates its public key. I think it would be better to check if there is already a public key object with the same ID as the certificate one. If it exists, a function should fill in the missing information from the certificate instead of creating a new object.

Sorry for my heavy and long mail. 
Could you check my patch and apply it on OpenSC code?

Thanks a lot,
-- 
Albert Solana Berengué
[EMAIL PROTECTED]
C3PO, S.L.
http://www.c3po.es
C/Bertran, 113 - 08023 Barcelona
Tel. 93 417 99 55 - Fax. 93 253 12 80
Index: src/pkcs11/framework-pkcs15.c
===================================================================
--- src/pkcs11/framework-pkcs15.c	(revision 2884)
+++ src/pkcs11/framework-pkcs15.c	(working copy)
@@ -254,6 +254,40 @@
 	return 0;
 }
 
+static int public_key_created(struct pkcs15_fw_data *fw_data,
+			      const unsigned int num_objects,
+			      const u8 *id, 
+			      const size_t size_id,
+			      struct pkcs15_any_object **obj2)
+{
+  int found = 0;
+  int ii=0;
+
+  while(ii<num_objects && !found) {
+    
+    if (!fw_data->objects[ii]->p15_object) {
+      ii++;
+      continue;
+    }
+    if ((fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY) && 
+	(fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_RSA) &&
+	(fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_DSA)) {
+      ii++;
+      continue;
+    }
+    if (memcmp(fw_data->objects[ii]->p15_object->data, id, size_id) == 0) {
+      *obj2 = (struct pkcs15_any_object *) fw_data->objects[ii];
+      found=1;
+    } else
+      ii++;
+  }
+  
+  if (found)
+    return SC_SUCCESS;
+  else 
+    return SC_ERROR_OBJECT_NOT_FOUND;      
+}
+
 static int
 __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data,
 	struct sc_pkcs15_object *cert, struct pkcs15_any_object **cert_object)
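Review bot: the ID comparison in public_key_created is fragile: `memcmp(fw_data->objects[ii]->p15_object->data, id, size_id)` reads the raw bytes of the type-specific info struct behind `data` and only works because the ID happens to be its first member, and it never checks the stored ID length, so an existing ID that merely starts with the certificate's ID bytes (or a longer one with the same prefix) is reported as a match. Cast `data` to the public key info struct and compare both `id.value` and `id.len` against the certificate's ID rather than a prefix memcmp. Smaller points: `ii` is a signed `int` compared against `const unsigned int num_objects`, which draws a sign-comparison warning; `num_objects` duplicates `fw_data->num_objects`, which the function already receives; and the body uses two-space indentation where the rest of framework-pkcs15.c uses tabs.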
@@ -283,12 +317,15 @@
 	object->cert_data = p15_cert;
 
 	/* Corresponding public key */
-	rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &obj2,
-					NULL, &pkcs15_pubkey_ops,
-					sizeof(struct pkcs15_pubkey_object));
+	rv = public_key_created(fw_data, fw_data->num_objects, p15_info->id.value, p15_info->id.len, (struct pkcs15_any_object **) &obj2);
+	
+	if (rv != SC_SUCCESS)
+	  rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &obj2,
+				      NULL, &pkcs15_pubkey_ops,
+				      sizeof(struct pkcs15_pubkey_object));
 	if (rv < 0)
-		return rv;
-
+	  return rv;	
+	
 	if (p15_cert) {
 		obj2->pub_data = &p15_cert->key;
 		obj2->pub_data = (sc_pkcs15_pubkey_t *)calloc(1, sizeof(sc_pkcs15_pubkey_t));
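Review bot: when public_key_created finds an existing public key object, execution still falls into the unchanged `if (p15_cert)` block below, which does `obj2->pub_data = (sc_pkcs15_pubkey_t *)calloc(1, sizeof(sc_pkcs15_pubkey_t));` on that existing object; this leaks the pub_data it already carries and replaces whatever the pkcs15 structure had populated, which is the opposite of the "fill in the missing information" behaviour the mail describes. Guard the fill-in so it only assigns fields that are still empty on a reused object, or skip the allocation entirely when rv came from the lookup rather than from __pkcs15_create_object. Also, the new call line is far past the file's line width and the re-indented `return rv;` (two spaces plus a tab, with trailing whitespace) is a pure whitespace change to an unmodified statement; keep the original tab indentation and wrap the call like the `__pkcs15_create_object` call beneath it.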
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel