On 03/03/2014 04:31 AM, Raad Bahmani wrote:
> Hello together,
>
> I need to implement a PKCS11-library which simulates a smart-card and
> responds to login attempts with SSL certificates.
>
> I have found out that SSL needs the following mechanisms, so the
> "C_GetMechanismList" of my library specifies them as supported.
>
> - CKM_SSL3_PRE_MASTER_KEY_GEN
> - CKM_SSL3_MASTER_KEY_DERIVE
> - CKM_SSL3_KEY_AND_MAC_DERIVE
> - CKM_SSL3_MD5_MAC
> - CKM_SSL3_SHA1_MAC
>
> When trying to login using SSL the following functions are called before
> the firefox crashes ! :/
>
> These are my questions:
>
> 1) What are these objects: ce534354, ce534353,  b316030,
> 102, 318c8130, e0d0302
It's not clear without context. These look like they could either be
object IDs or attribute IDs.
The ones starting with ce5343xx are NSS specific attributes or objects.
Your library can reject or ignore them (depending on context). 102 looks
like a regular PKCS #11 attribute or id (depending on context). The
others look like memory addresses, so there's nothing I can really tell
about them. NSS never used those as PKCS #11 ids.
> 2) Where can I find (in cross-reference ) the source code of firefox/NSS
> which communicates with my library ?
The NSS specific ids are defined in lib/util/pkcs11n.h
> 3) Which algorithm is used for login with SSL ?
I'm not sure what you mean by 'login with SSL'. Do you mean create an
SSL handshake? Do you mean client auth? Do you mean login to the token
to use SSL?
>
> Thank you in advance.
> - Raad
>
>
>
>
> +-----------------------------------------------
> C_GetFunctionList
> +-----------------------------------------------
> C_Initialize
> +-----------------------------------------------
> C_GetInfo
> +-----------------------------------------------
> C_GetSlotList
> +-----------------------------------------------
> C_GetSlotList
> +-----------------------------------------------
> C_GetSlotInfo
> +-----------------------------------------------
> C_GetTokenInfo
> +-----------------------------------------------
> C_GetMechanismList
> +-----------------------------------------------
> C_OpenSession with:
> lag: 4l
>     slotId: 22l
> +-----------------------------------------------
> C_FindObjectsInit with:
> session-handle: 100
>     ulCount: 1
>     Attr0 Value: ce534354
> +-----------------------------------------------
> C_FindObjects with:
>     session-handle: 100
> +-----------------------------------------------
> C_FindObjectsFinal
> +-----------------------------------------------
> C_GetSlotInfo
> +-----------------------------------------------
> C_FindObjectsInit with:
> session-handle: 100
>     ulCount: 4
>
> template ========================
> Attr0 Type: 1
> Attr0 Value: 1
> Attr0 ulValueLen: 1
> --------------
> Attr1 Type: 0l
> Attr1 Value: ce534353
> Attr1 ulValueLen: 8
> --------------
> Attr2 Type: 129l
> Attr2 Value: b316030
> Attr2 ulValueLen: 98l
> --------------
> Attr3 Type: 130l
> Attr3 Value: 102
> Attr3 ulValueLen: 3l
> +-----------------------------------------------
> C_FindObjects with:
> session-handle: 100
> ulMaxObjectCount: 1

What did you return here? This is a very basic find object call looking
for an object that you probably don't support. You should return no
object here.
> +-----------------------------------------------
> C_FindObjectsFinal
> +-----------------------------------------------
> C_FindObjectsInit with:
> session-handle: 100l
> ulCount: 4l
>  template:
>  Attr0 Type: 1l
> Attr0 Value X: 1
> Attr0 ulValueLen: 1l
> --------------
> Attr1 Type: 0l
> Attr1 Value: 1
> Attr1 ulValueLen: 8l
> --------------
> Attr2 Type: 129l
> Attr2 Value: 318c8130
> Attr2 ulValueLen: 143l
> --------------
> Attr3 Type L: 130l
> Attr3 Value: e0d0302
> Attr3 ulValueLen: 5l

Here the objects are all standard PKCS #11 objects. You seemed to be
confused about the attribute values. Please look at the PKCS #11 spec
for what those values are. They are all there (note your tool is
printing them as long decimal integers, but they are listed in the spec
as hex values).
> +-----------------------------------------------
> C_FindObjects with:
> session-handle: 100l
> ulMaxObjectCount: 1l
> +-----------------------------------------------
> C_FindObjectsFinal
It looks like you found an object and returned it as handle 71l.
> +-----------------------------------------------
> C_GetAttributeValue with:
> session-handle: 100l
> hObject: 71l
> ulCount: 2l
>
> template:
> Attr0 Type X: 1l
You are missing something here, our template should have 2 objects in it.



-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
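
The decoding described in the reply above, as an added example that is not part of the original thread and is not NSS code: it maps the decimal attribute types from the log to their PKCS #11 names and shows a certificate-only token answering the NSS-specific trust search with no object. The `attr_t` struct, `attr_name` and `token_may_match` are hypothetical simplifications; the constant values are those of the PKCS #11 specification and lib/util/pkcs11n.h.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned long CK_ULONG;

/* Standard values from the PKCS #11 specification (hex there, decimal in the log). */
#define CKA_CLASS          0x00UL
#define CKA_TOKEN          0x01UL
#define CKA_ISSUER         0x81UL   /* logged as 129 */
#define CKA_SERIAL_NUMBER  0x82UL   /* logged as 130 */
#define CKO_CERTIFICATE    0x01UL
#define CKO_VENDOR_DEFINED 0x80000000UL
/* NSS-specific object classes, as defined in lib/util/pkcs11n.h. */
#define CKO_NSS                   (CKO_VENDOR_DEFINED | 0x4E534350UL)
#define CKO_NSS_TRUST             (CKO_NSS + 3)   /* 0xce534353 */
#define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4)   /* 0xce534354 */

/* Hypothetical simplified template entry; real CK_ATTRIBUTE carries pValue/ulValueLen. */
typedef struct { CK_ULONG type; CK_ULONG value; } attr_t;

/* Constructed samples mirroring the two 4-attribute searches in the log (0 = byte string omitted). */
static const attr_t trust_search[] = {
    {CKA_TOKEN, 1}, {CKA_CLASS, CKO_NSS_TRUST}, {CKA_ISSUER, 0}, {CKA_SERIAL_NUMBER, 0} };
static const attr_t cert_search[] = {
    {CKA_TOKEN, 1}, {CKA_CLASS, CKO_CERTIFICATE}, {CKA_ISSUER, 0}, {CKA_SERIAL_NUMBER, 0} };

const char *attr_name(CK_ULONG type) {
    switch (type) {
    case CKA_CLASS:         return "CKA_CLASS";
    case CKA_TOKEN:         return "CKA_TOKEN";
    case CKA_ISSUER:        return "CKA_ISSUER";
    case CKA_SERIAL_NUMBER: return "CKA_SERIAL_NUMBER";
    default:                return "unknown";
    }
}

/* 1 if a certificate-only token could hold a match; 0 means C_FindObjects returns CKR_OK with count 0. */
int token_may_match(const attr_t *tmpl, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tmpl[i].type == CKA_CLASS && tmpl[i].value != CKO_CERTIFICATE)
            return 0;   /* includes every vendor-defined (NSS) class */
    return 1;
}

int main(void) {
    printf("129 -> %s; trust search %d, cert search %d\n", attr_name(129),
           token_may_match(trust_search, 4), token_may_match(cert_search, 4));
    return 0;
}
```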
