On Tue, 09 May 2006 at 15:23 +0200, Nils Larsch wrote:
> Albert Solana wrote:
> > Hi all,
> >
> > Using the command "pkcs11-tool -O -l" to list all objects on a smart
> > card, I have some errors on some public key objects:
> >
> > warning: PKCS11 function C_GetAttributeValue(MODULUS_BITS) failed: rv =
> > CKR_ATTRIBUTE_TYPE_INVALID (0x12)
> >
> > However, I have realized that there are duplicated public key objects
> > corresponding to the same public key. This occurs because when
> > create_tokens is called, OpenSC creates a pkcs11 object for any object
> > listed in the pkcs#15 structure. So, on the __pkcs15_create_pubkey_object
> > call, the public key objects listed in the pkcs15 structure are created.
> > And, on the __pkcs15_create_cert_object call, a public key object is
> > created for any certificate listed in the pkcs15 structure, without
> > checking whether a public key object with the same ID already exists.
> >
> > I think that this behaviour is reasonable if there is no public key created
> > for its respective certificate, but it creates another object for the same
> > public key.
> > So whenever I use the above command, OpenSC shows errors retrieving info
> > on the objects created from the pkcs15 structure, the first ones. And the
> > info of the ones created from the respective cert objects is shown correctly.
> >
> > I suggest a solution and I attach a patch which I've tested and which
> > solved the problem:
> >
> > Whenever a certificate pkcs11 object is being created using
> > __pkcs15_create_cert_object, it also creates its public key. I think it
> > would be better to check if there is already a public key object with the
> > same ID as the certificate one. If it exists, a function should fill in the
> > missing information from the certificate instead of creating a new object.
> >
> > Sorry for my heavy and long mail.
> > Could you check my patch and apply it on OpenSC code?
> >
> > Thanks a lot,
> >
> >
> > ------------------------------------------------------------------------
> >
> > Index: src/pkcs11/framework-pkcs15.c
> > ===================================================================
> > --- src/pkcs11/framework-pkcs15.c (revision 2884)
> > +++ src/pkcs11/framework-pkcs15.c (working copy)
> > @@ -254,6 +254,40 @@
> > return 0;
> > }
> >
> > +static int public_key_created(struct pkcs15_fw_data *fw_data,
> > + const unsigned int num_objects,
> > + const u8 *id,
> > + const size_t size_id,
> > + struct pkcs15_any_object **obj2)
> > +{
> > + int found = 0;
> > + int ii=0;
> > +
> > + while(ii<num_objects && !found) {
> > +
> > + if (!fw_data->objects[ii]->p15_object) {
> > + ii++;
> > + continue;
> > + }
> > + if ((fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY)
> > &&
> > + (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_RSA) &&
> > + (fw_data->objects[ii]->p15_object->type != SC_PKCS15_TYPE_PUBKEY_DSA)) {
> > + ii++;
> > + continue;
> > + }
> > + if (memcmp(fw_data->objects[ii]->p15_object->data, id, size_id) == 0) {
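Review bot: The memcmp in the last visible line compares only the first size_id bytes at p15_object->data against id, so it depends on the ID bytes sitting at offset 0 of whatever info struct data points to, and it never compares the stored ID's length with size_id; a stored ID that merely starts with the same bytes would count as the same key. Once the type check has passed, cast data to the matching public key info type and compare the two IDs including their lengths (sc_pkcs15_compare_id does this for two sc_pkcs15_id values), and check data for NULL before reading it. Separately, ii is declared int but compared against the unsigned num_objects in `while(ii<num_objects && !found)`; declaring it unsigned int avoids the signed/unsigned comparison.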
>
> this is not so nice as this makes some implicit assumptions about
> the layout of the sc_pkcs15_*_info types.
I realize that, but I haven't found any other way to implement it.
> Otherwise the patch looks ok.
So, I deduce that the patch is going to be committed.
>
> Cheers,
> Nils
Thanks,
--
Albert Solana Berengué
[EMAIL PROTECTED]
C3PO, S.L.
http://www.c3po.es
C/Bertran, 113 - 08023 Barcelona
Tel. 93 417 99 55 - Fax. 93 253 12 80
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
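The duplicate check discussed in this thread, as an added example that is not part of the original mail or of OpenSC's code: a simplified model in which the certificate path reuses an existing public key object with the same ID, and IDs are compared through a typed field together with their length. All type and function names below are hypothetical, and the sample IDs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical stand-ins for OpenSC's types; the ID is a typed field. */
enum obj_type { OBJ_CERT, OBJ_PUBKEY_RSA, OBJ_PRKEY_RSA };
struct key_id { unsigned char value[16]; size_t len; };
struct token_obj { enum obj_type type; struct key_id id; int have_modulus_bits; };

/* Length-aware comparison: equal only if length and bytes both match. */
static int id_equal(const struct key_id *a, const struct key_id *b) {
    return a->len == b->len && memcmp(a->value, b->value, a->len) == 0;
}

/* Prefix-only comparison (the pitfall): ignores the stored ID's length. */
static int id_prefix_match(const struct key_id *stored, const struct key_id *id) {
    return memcmp(stored->value, id->value, id->len) == 0;
}

/* Return the existing public key object with this ID, or NULL. */
static struct token_obj *find_pubkey(struct token_obj *objs, size_t n,
                                     const struct key_id *id) {
    for (size_t i = 0; i < n; i++)
        if (objs[i].type == OBJ_PUBKEY_RSA && id_equal(&objs[i].id, id))
            return &objs[i];
    return NULL;
}

/* Certificate path: reuse a matching public key, else append one; returns the count. */
static size_t add_cert_pubkey(struct token_obj *objs, size_t n, size_t cap,
                              const struct key_id *cert_id) {
    struct token_obj *pk = find_pubkey(objs, n, cert_id);
    if (pk == NULL) {
        if (n == cap) return n; /* array full: leave the list unchanged */
        pk = &objs[n++];
        *pk = (struct token_obj){ OBJ_PUBKEY_RSA, *cert_id, 0 };
    }
    pk->have_modulus_bits = 1; /* attribute supplied by the certificate */
    return n;
}

int main(void) {
    /* Constructed sample: one public key with ID 45 01, then two certificates. */
    struct token_obj objs[4] = { { OBJ_PUBKEY_RSA, { { 0x45, 0x01 }, 2 }, 0 } };
    struct key_id same = { { 0x45, 0x01 }, 2 }, shorter = { { 0x45 }, 1 };
    size_t n = add_cert_pubkey(objs, 1, 4, &same);
    n = add_cert_pubkey(objs, n, 4, &shorter);
    printf("objects=%zu prefix_match=%d\n", n, id_prefix_match(&objs[0].id, &shorter));
    return 0;
}
```

The certificate with ID 45 01 fills in the existing object, while the one with ID 45 gets its own object even though a prefix-only memcmp would have matched it to the first key.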