Public bug reported: I cannot write objects to a TPM-backed opencryptoki token. Although writes appear to succeed and the count of objects seems to have been updated, you can't read attributes from any objects or use them for crypto operations.
This happens on Precise with version 2.3.1+dfsg-3 of opencryptoki.

Steps to reproduce (as root):

1. Enable and clear the TPM in BIOS.
2. Install trousers, opencryptoki, and opensc.
3. Take ownership of the TPM with tpm_takeownership.
4. Initialize the PKCS#11 token and set SO and user PINs:
   - pkcsconf -I -c 0 -S 87654321
   - pkcsconf -P -c 0 -S 87654321 -n 111111
   - pkcsconf -u -c 0 -S 111111 -n 000000
5. Write any X.509 certificate in DER format to the token:
   - pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so.0 --login --pin 000000 --write-object cert.der --type cert --id 1
6. Attempt to list objects in the token:
   - pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so.0 --login --pin 000000 -O

Expected results:
pkcs11-tool should list one certificate object and exit with no warnings.

Actual results:
pkcs11-tool reports lots of warnings and doesn't seem to know anything about the certificate:

--------
# pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so.0 --login --pin 000000 -O
Using slot 0 with a present token (0x0)
warning: PKCS11 function C_GetAttributeValue(CLASS) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
Data object 1
warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  label:          <empty>
warning: PKCS11 function C_GetAttributeValue(APPLICATION) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  application:    <empty>
warning: PKCS11 function C_GetAttributeValue(OBJECT_ID) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  app_id:         <empty>
warning: PKCS11 function C_GetAttributeValue(MODIFIABLE) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
warning: PKCS11 function C_GetAttributeValue(PRIVATE) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  flags:
--------

Additionally, no object file seems to have been written to disk. Opencryptoki should have written a numbered object file to /var/lib/opencryptoki/tpm/root/TOK_OBJ, but this directory is empty.
** Affects: opencryptoki (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/942381

Title:
  Cannot write objects to TPM token

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/942381/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
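The report describes two symptoms of a write that did not actually persist: every C_GetAttributeValue call on the listed object fails with CKR_ATTRIBUTE_SENSITIVE, and no numbered object file appears under TOK_OBJ. The script below is an added example, not code from the report or from opencryptoki, that turns those two symptoms into a repeatable smoke test a maintainer can run after step 5 (or after applying a fix). The module path, TOK_OBJ path and PIN are taken from the report; the `pkcs11-tool` output patterns, the assumption that object files are named with hex digits only, and the OBJ.IDX stand-in in the throwaway directory are my own and should be checked against the installed version.

```python
"""Smoke test for the symptom pair in the bug report above: after writing an
object to the opencryptoki TPM token, (1) `pkcs11-tool -O` should list it
without CKR_ATTRIBUTE_SENSITIVE warnings and (2) a numbered object file should
appear under TOK_OBJ.  Added example, not code from the report or opencryptoki."""
import re
import subprocess
import tempfile
from pathlib import Path

# Paths exactly as given in the report.
MODULE = "/usr/lib/opencryptoki/libopencryptoki.so.0"
TOK_OBJ_DIR = Path("/var/lib/opencryptoki/tpm/root/TOK_OBJ")

# Attribute-read failures and object header lines in pkcs11-tool output.
# Assumption: the object-header pattern covers "Data object" (seen in the
# report) and the "<Kind> Object" lines pkcs11-tool prints for keys and certs.
ATTR_FAIL_RE = re.compile(r"C_GetAttributeValue\((\w+)\) failed: rv = (\w+)")
OBJECT_RE = re.compile(
    r"^(Certificate|Data|Private Key|Public Key|Secret Key) [Oo]bject", re.M)

# The listing quoted in the report (the failing case).
REPORTED_OUTPUT = """\
Using slot 0 with a present token (0x0)
warning: PKCS11 function C_GetAttributeValue(CLASS) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
Data object 1
warning: PKCS11 function C_GetAttributeValue(LABEL) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  label:          <empty>
warning: PKCS11 function C_GetAttributeValue(APPLICATION) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  application:    <empty>
warning: PKCS11 function C_GetAttributeValue(OBJECT_ID) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  app_id:         <empty>
warning: PKCS11 function C_GetAttributeValue(MODIFIABLE) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
warning: PKCS11 function C_GetAttributeValue(PRIVATE) failed: rv = CKR_ATTRIBUTE_SENSITIVE (0x11)
  flags:
"""

# A constructed listing of what a successful write should look like.
HEALTHY_OUTPUT = """\
Using slot 0 with a present token (0x0)
Certificate Object; type = X.509 cert
  label:      cert
  ID:         01
"""


def analyze_listing(output):
    """Summarise a `pkcs11-tool -O` listing: how many objects it printed and
    which attribute reads failed (in the report, every read fails)."""
    failures = ATTR_FAIL_RE.findall(output)      # list of (attribute, rv)
    kinds = OBJECT_RE.findall(output)
    return {
        "objects": len(kinds),
        "certificates": kinds.count("Certificate"),
        "attribute_failures": failures,
        "healthy": bool(kinds) and not failures,
    }


def stored_object_files(tok_obj_dir):
    """Return the numbered object files persisted in TOK_OBJ.  Assumption:
    object files are named with hex digits only, so an index file such as
    OBJ.IDX sitting beside them is excluded."""
    if not tok_obj_dir.is_dir():
        return []
    return sorted(p.name for p in tok_obj_dir.iterdir()
                  if p.is_file() and re.fullmatch(r"[0-9A-Fa-f]+", p.name))


def check_token(output, tok_obj_dir):
    """Combine both symptoms into one verdict: the listing must be clean AND
    at least one object file must exist on disk."""
    verdict = analyze_listing(output)
    verdict["object_files"] = stored_object_files(tok_obj_dir)
    verdict["ok"] = verdict["healthy"] and bool(verdict["object_files"])
    return verdict


def demo_tok_obj_dir(populated):
    """Throwaway TOK_OBJ stand-in (constructed) so the check runs offline."""
    d = Path(tempfile.mkdtemp(prefix="tok_obj_"))
    if populated:
        (d / "00000001").write_bytes(b"\x00" * 16)  # stand-in object file
        (d / "OBJ.IDX").write_bytes(b"")            # stand-in index file
    return d


def list_live_token(pin, module=MODULE):
    """Run the listing command from step 6 against the real token; warnings
    may land on stderr, so both streams are returned together."""
    proc = subprocess.run(
        ["pkcs11-tool", "--module", module, "--login", "--pin", pin, "-O"],
        capture_output=True, text=True, check=False)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    import sys
    pin = sys.argv[1] if len(sys.argv) > 1 else "000000"   # user PIN from the report
    result = check_token(list_live_token(pin), TOK_OBJ_DIR)
    print("ok" if result["ok"] else "BROKEN", result)
```

Run it as root right after the `--write-object` step; a fixed token prints `ok` with one certificate and a non-empty `object_files` list, while the behaviour in the report yields `BROKEN` with six attribute failures and an empty list. Checking the on-disk directory as well as the listing matters because, as the report notes, the object count alone appears to update even though nothing was persisted.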