Hello,
I am trying to implement a PKCS#11 module for my diploma thesis. It is
intended to be used with thunderbird. I am using opensc pkcs11-spy
module to debug it. I have a problem for quite some days I don't seem to
be able to solve myself.
At first, thunderbird searches for token certificates
(CKA_CLASS=CKO_CERTIFICATE and CKA_TOKEN=TRUE). I am returning an object
with handle 0x1 (letting thunderbird know I have such a certificate).
Later, thunderbird asks for its attributes CKA_TOKEN and CKA_LABEL but
gives zero-sized buffers for both values. This is where my problem lies
- I don't know what to return and if I have to fill the values in the
template or not. According to the specification (if I understood
correctly), I should return CKR_BUFFER_TOO_SMALL and fill the ulValueLen
properties to the length of the two attribute values, which makes
perfect sense. Then thunderbird should ask for the values again (by
calling C_GetAttributeValue again), but with the right buffer sizes. The
problem is that it does not. It only tries to find token objects with
CKA_CLASS CKO_NETSCAPE_TRUST and then some CKO_NETSCAPE_CRLs, that is all.
I found some examples on the internet, where instead of
CKR_BUFFER_TOO_SMALL they return CKR_OK and everything works. For me it
does not - as soon as I return CKR_OK, thunderbird crashes after leaving
C_GetAttributeValue with the zero-sized buffers.
So what should I do? I am really at loss now. I am attaching the
appropriate part of the logs. Thanks for all responses.
(PKCS11-SPY LOG BEGIN; uninteresting items omitted)
11: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_TOKEN True
CKA_CLASS CKO_CERTIFICATE
Returned: 0 CKR_OK
12: C_FindObjects
[in] hSession = 0x1
[in] ulMaxObjectCount = 0xa
[out] ulObjectCount = 0x1
Object 1 Matches
Returned: 0 CKR_OK
13: C_FindObjectsFinal
[in] hSession = 0x1
Returned: 0 CKR_OK
14: C_GetAttributeValue
[in] hSession = 0x1
[in] hObject = 0x1
[in] pTemplate[2]:
CKA_TOKEN requested with 0 buffer
CKA_LABEL requested with 0 buffer
[out] pTemplate[2]:
CKA_TOKEN has size 1
CKA_LABEL has size 41
Returned: 336 CKR_BUFFER_TOO_SMALL
15: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_TOKEN True
CKA_CLASS CKO_NETSCAPE_TRUST
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
16: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0x48 (72)]
3046310B 30090603 55040613 02555331 13301106 0355040A 130A476F 6F676C65
20496E63 31223020 06035504 03131947 6F6F676C 6520496E 7465726E 65742041
7574686F 72697479
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
17: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0x50 (80)]
304E310B 30090603 55040613 02555331 10300E06 0355040A 13074571 75696661
78312D30 2B060355 040B1324 45717569 66617820 53656375 72652043 65727469
66696361 74652041 7574686F 72697479
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
18: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0xBD (189)]
3081BA31 0B300906 03550406 13025553 31173015 06035504 0A130E56 65726953
69676E2C 20496E63 2E311F30 1D060355 040B1316 56657269 5369676E 20547275
7374204E 6574776F 726B313B 30390603 55040B13 32546572 6D73206F 66207573
65206174 20687474 70733A2F 2F777777 2E766572 69736967 6E2E636F 6D2F7270
61202863 29303631 34303206 03550403 132B5665 72695369 676E2043 6C617373
20332045 7874656E 64656420 56616C69 64617469 6F6E2053 534C2043 41
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
19: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0xCD (205)]
3081CA31 0B300906 03550406 13025553 31173015 06035504 0A130E56 65726953
69676E2C 20496E63 2E311F30 1D060355 040B1316 56657269 5369676E 20547275
7374204E 6574776F 726B313A 30380603 55040B13 31286329 20323030 36205665
72695369 676E2C20 496E632E 202D2046 6F722061 7574686F 72697A65 64207573
65206F6E 6C793145 30430603 55040313 3C566572 69536967 6E20436C 61737320
33205075 626C6963 20507269 6D617279 20436572 74696669 63617469 6F6E2041
7574686F 72697479 202D2047 35
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
20: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0x50 (80)]
304E310B 30090603 55040613 02555331 10300E06 0355040A 13074571 75696661
78312D30 2B060355 040B1324 45717569 66617820 53656375 72652043 65727469
66696361 74652041 7574686F 72697479
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
21: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0x68 (104)]
3066310B 30090603 55040613 02555331 15301306 0355040A 130C4469 67694365
72742049 6E633119 30170603 55040B13 10777777 2E646967 69636572 742E636F
6D312530 23060355 0403131C 44696769 43657274 20486967 68204173 73757261
6E636520 43412D33
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
22: C_FindObjectsInit
[in] hSession = 0x1
[in] pTemplate[2]:
CKA_CLASS CKO_NETSCAPE_CRL
CKA_SUBJECT [size : 0x6E (110)]
306C310B 30090603 55040613 02555331 15301306 0355040A 130C4469 67694365
72742049 6E633119 30170603 55040B13 10777777 2E646967 69636572 742E636F
6D312B30 29060355 04031322 44696769 43657274 20486967 68204173 73757261
6E636520 45562052 6F6F7420 4341
Returned: 19 CKR_ATTRIBUTE_VALUE_INVALID
(PKCS11-SPY LOG END - after letting thunderbird running, it does not
care about the certificate again)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
