On Sep 4, 2009, at 1:50 PM, Ludovic Rousseau wrote:

> This is not directly related to the problem but Apple now provides a
> PKCS#11 in /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so

It's this tokend module that's failing for me, causing me to want to put OpenSC *back* on the system. Any signing attempt with tokendPKCS11.so gives me the following (output from Firefox running with NSS_DEBUG_PKCS11_MODULE set):

-1335791616[1a63a0e0]: C_OpenSession
-1335791616[1a63a0e0]:   slotID = 0x0
-1335791616[1a63a0e0]:   flags = 0x4
-1335791616[1a63a0e0]:   pApplication = 0x1a99800
-1335791616[1a63a0e0]:   Notify = 0x10af9b3
-1335791616[1a63a0e0]:   phSession = 0xb061667c
-1335791616[1a63a0e0]:   *phSession = 0x2
-1335791616[1a63a0e0]:   rv = CKR_OK
-1335791616[1a63a0e0]: C_SignInit
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   pMechanism = 0xb06166cc
-1335791616[1a63a0e0]:   hKey = 0x2
-1335791616[1a63a0e0]:       mechanism = CKM_RSA_PKCS
-1335791616[1a63a0e0]:   rv = CKR_OK
-1335791616[1a63a0e0]: C_Sign
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   pData = 0xb061679c
-1335791616[1a63a0e0]:   ulDataLen = 36
-1335791616[1a63a0e0]:   pSignature = 0x1b8c9240
-1335791616[1a63a0e0]:   pulSignatureLen = 0xb06166d8
-1335791616[1a63a0e0]:   *pulSignatureLen = 0x80
-1335791616[1a63a0e0]:   rv = CKR_FUNCTION_FAILED
-1335791616[1a63a0e0]: C_CloseSession
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   rv = CKR_OK

This results in SSL_ERROR_SIGN_HASHES_FAILURE.

Also:

stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so -L
Available slots:
Slot 0           Apple Tokend
  token label:   CAC-4070-5072-3446-0000-6368
  token manuf:   unknown
  token model:   unknown
  token flags:   readonly, token initialized
  serial num  :  0
Slot 1           (empty)
Slot 2           (empty)
Slot 3           (empty)

stovetop:bin tmiller$ ./pkcs11-tool --module /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so -M
Supported mechanisms:
  RSA-PKCS, sign, decrypt
  RSA-X-509, sign, decrypt

stovetop:bin tmiller$ ./pkcs11-tool -tl --module /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  ERR: C_GenerateRandom failed: CKR_FUNCTION_NOT_SUPPORTED (0x54)
Digests: not implemented
Signatures (currently only RSA signatures)
  testing key 0 (Identity Private Key)
  Note: C_SignUpdate(), SignFinal() not supported
error: PKCS11 function C_Sign failed: rv = CKR_FUNCTION_FAILED (0x6)

Aborting.

-- Tim
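
Added example, not part of the original message or of OpenSC/NSS: a small parser for the NSS_DEBUG_PKCS11_MODULE trace format shown above that groups lines into calls and, for each call whose rv is not CKR_OK, reports the mechanism and key handle set by the preceding *Init call on the same session. The function names `parse_trace` and `explain_failures` are illustrative, and the sample is abridged from the trace in the message.

```python
import re

# Trace excerpt abridged from the message above (some parameter lines dropped).
SAMPLE = """\
-1335791616[1a63a0e0]: C_SignInit
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   hKey = 0x2
-1335791616[1a63a0e0]:       mechanism = CKM_RSA_PKCS
-1335791616[1a63a0e0]:   rv = CKR_OK
-1335791616[1a63a0e0]: C_Sign
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   ulDataLen = 36
-1335791616[1a63a0e0]:   rv = CKR_FUNCTION_FAILED
-1335791616[1a63a0e0]: C_CloseSession
-1335791616[1a63a0e0]:   hSession = 0x2
-1335791616[1a63a0e0]:   rv = CKR_OK
"""

# "<thread>[<ptr>]: <text>"; call names are unindented, parameters and rv indented.
LINE_RE = re.compile(r"^(-?\d+)\[[0-9a-f]+\]: (\s*)(.*)$")

def parse_trace(text):
    """Group trace lines into calls: [{'name': ..., 'params': {...}}], rv kept in params."""
    calls, current = [], {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # not a trace line (e.g. mail quoting, blanks)
        thread, indent, body = m.groups()
        if not indent:                    # unindented text starts a new C_* call
            current[thread] = {"name": body, "params": {}}
            calls.append(current[thread])
        elif thread in current and " = " in body:
            key, value = (s.strip() for s in body.split(" = ", 1))
            current[thread]["params"][key] = value
    return calls

def explain_failures(calls):
    """For each failed call, attach mechanism/key from the last successful *Init on its session."""
    inits, report = {}, []
    for c in calls:
        p = c["params"]
        if c["name"].endswith("Init") and p.get("rv") == "CKR_OK":
            inits[p.get("hSession")] = p
        elif p.get("rv") not in (None, "CKR_OK"):
            init = inits.get(p.get("hSession"), {})
            report.append({"call": c["name"], "rv": p["rv"], "session": p.get("hSession"),
                           "mechanism": init.get("mechanism"), "key": init.get("hKey"),
                           "data_len": p.get("ulDataLen")})
    return report
```
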
