Re: [TrouSerS-tech] [TrouSerS-users] Bug in Tspi_ChangeAuth ?

Fri, 16 Oct 2009 13:14:11 -0700 

Hi,

I've been already taking a look at your previous email about this.

The main issue is that the hNewPolicy parameter is described as:
"Handle of the policy object _providing the new authorization data_."

The authorization data prompt should be done using Tspi calls, I agree,
but not necessarily inside Tspi_ChangeAuth.

So, for the new policy you're submitting to Tspi_ChangeAuth you must
call Tspi_Policy_SetSecret() with TSS_SECRET_MODE_POPUP mode set. Are
you doing it this way? The same must be done with the currently assigned
key object's policy. Let us know if it still doesn't work.

Thanks,
Rajiv Andrade
IBM LTC Security Development
                                           
On Fri, 2009-10-16 at 15:23 -0400, Wyllys Ingersoll wrote:
> Is it a bug that one cannot use the TSS_SECRET_MODE_POPUP mode for the
> old and new policies when calling Tspi_ChangeAuth?  
> 
> Ideally, I would like to utilize the built-in prompting mechanisms
> instead of having to write my  program to prompt for the passwords,
> but Tspi_ChangeAuth never calls the functions that cause the user
> to be prompted, they just return "auth failed" if the POPUP method
> is specified because the auth secrets never get initialized.
> 
> This seems like a bug, the spec does not say that you cannot use 
> those modes with the policies involved in the ChangeAuth command.
> 
> thoughts?
> 
> thanks,
> -Wyllys
> 
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay 
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users


------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
TrouSerS-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-tech

Reply via email to