Re: [opensc-devel] Error retrieving info on pkcs11 public key objects

Mon, 15 May 2006 11:49:00 -0700 

Albert Solana wrote:

El dt 09 de 05 del 2006 a les 15:23 +0200, en/na Nils Larsch va
escriure:

Albert Solana wrote:

Hi all,

Using the command "pkcs11-tool -O -l" to list all objects on a smart
card, I have some errors on some public key objects:

warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv =
CKR_ATTRIBUTE_TYPE_INVALID (0x12)
However, I have realized that there are duplicated public keys objects, corresponding to the same public key. This occurs because when create_tokens is called OpenSC creates a pkcs11 object for any object listed on pkcs#15 structure. So, on __pkcs15_create_pubkey_object call, the public keys objects listed on pkcs15 structure are created. And, on __pkcs15_create_cert_object call a public key object is created for any certificate listed on pkcs15 structure, without checking whether a public key object with the same ID already exists. 

I think that this behaviour is reasonable if there is no public key created
for its respective certificate, but creates another object for the same public 
key.
So whenever I used the above command, OpenSC shows errors retrieving info on the objects created from pkcs15 structure, the first ones. And the info of the ones created from the respective cert objects is well shown. 

I suggest a solution and I attach a patch which I've tested and solved the 
problem:

Whenever a certificate pkcs11 object is being created using
__pkcs15_create_cert_object, it creates also its public key. I think it would be
better to check if there is already a public key object with the same ID as the
certificate one. If it exists, a function should fill the missing information
from the certificate despite of creating a new object.
Sorry for my heavy and long mail. Could you check my patch and apply it on OpenSC code? 

Thanks a lot,


------------------------------------------------------------------------

Index: src/pkcs11/framework-pkcs15.c
===================================================================
--- src/pkcs11/framework-pkcs15.c       (revision 2884)
+++ src/pkcs11/framework-pkcs15.c       (working copy)
@@ -254,6 +254,40 @@
        return 0;
 }
+static int public_key_created(struct pkcs15_fw_data *fw_data, 
+                             const unsigned int num_objects,
+ const u8 *id, + const size_t size_id, 
+                             struct pkcs15_any_object **obj2)
+{
+  int found = 0;
+  int ii=0;
+
+  while(ii<num_objects && !found) {
+ + if (!fw_data->objects[ii]->p15_object) { 
+      ii++;
+      continue;
+    }
+ if ((fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY) && + (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_RSA) && 
+       (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_DSA)) {
+      ii++;
+      continue;
+    }
+    if (memcmp(fw_data->objects[ii]->p15_object->data, id, size_id) == 0) {

this is not so nice as this makes some implicit assumptions about
the layout of the sc_pkcs15_*_info types.


I realize that, but i haven't found any other way to implement it.


 Otherwise the patch looks ok.


So, I deduce that the patch is going to be committed.


please test a recent snapshot

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to