Problems generating a keypair with pkcs11-tool and libmusclepkcs11.so


Geoffrey Elgey-2
G'day,

Has anyone generated a key pair using pkcs11-tool and libmusclepkcs11.so?

The first problem I have is that pkcs11-tool cannot load
libmusclepkcs11.so, unless I change the dlopen flags from RTLD_NOW to
RTLD_LAZY.

Secondly, when I try to generate a keypair, I get an "Invalid attribute
value" error:

   $ pkcs11-tool --module /usr/local/lib/libmusclepkcs11.so --slot 1
     --pin 00000000 --id 1234 --keypairgen
   error: PKCS11 function C_GenerateKeyPair failed: rv =
   CKR_ATTRIBUTE_VALUE_INVALID (0x13)

   Aborting.

This occurred when libmusclepkcs11.so could not find an attribute
representing CKA_TOKEN in the public key template.

I made the following change to src/tools/pkcs11-tool.c:

--- src/tools/pkcs11-tool.c     2005-06-07 19:25:36.528817000 -0600
+++ src/tools/pkcs11-tool.c     2005-06-07 19:26:07.656084936 -0600
@@ -1007,6 +1007,7 @@
         CK_OBJECT_CLASS privkey_class = CKO_PRIVATE_KEY;
         CK_ATTRIBUTE publicKeyTemplate[20] = {
                 {CKA_CLASS, &pubkey_class, sizeof(pubkey_class)},
+                {CKA_TOKEN, &_true, sizeof(_true)},
                 {CKA_ENCRYPT, &_true, sizeof(_true)},
                 {CKA_VERIFY, &_true, sizeof(_true)},
                 {CKA_WRAP, &_true, sizeof(_true)},
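
Review bot: The added `{CKA_TOKEN, &_true, sizeof(_true)}` entry in `publicKeyTemplate` carries no comment explaining why it is needed, and it changes behaviour for every module, not only libmusclepkcs11.so. PKCS#11 treats an absent CKA_TOKEN as CK_FALSE, so with this line the public key is always requested as a persistent token object. Add a comment giving the reason, and check the code outside this hunk: the private key template should state CKA_TOKEN consistently, and because the 20-slot array is filled by position, any hard-coded attribute count passed along with it has to grow by one.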


Which gets past the invalid attribute error, but then fails later with:

   $ pkcs11-tool --module /usr/local/lib/libmusclepkcs11.so --slot 1
   --pin 00000000 --id 1234 --keypairgen
   error: PKCS11 function C_GenerateKeyPair failed: rv =
   CKR_FUNCTION_FAILED (0x6)

   Aborting.

The PKCS11.log shows:

   07/06 19:28:26 (p11x_object.c 841): error: 0x9C12 "End of sequence"
   07/06 19:28:26 (p11x_object.c 837): error: 0x9C12 "End of sequence"
   07/06 19:28:26 KeySize: 768
   07/06 19:28:26 KeyNum: 8
   07/06 19:28:26 (p11x_object.c 866): error: 0x9C10 "Incorrect P1
   parameter"
   07/06 19:28:26 (p11_key.c 118): error: 0x6 "CKR_FUNCTION_FAILED"


So at this point I throw my hands in the air and wonder if anyone else
has had any luck using libmusclepkcs11.so with pkcs11-tool.

Note: I'm using opensc-20050524 and opensc-20050530, and libmusclepkcs11
was downloaded via CVS today.

-- Geoff
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel

Re: Problems generating a keypair with pkcs11-tool and libmusclepkcs11.so

Ludovic Rousseau
On 08/06/05, Geoffrey Elgey <[hidden email]> wrote:
> G'day,
>
> Has anyone generated a key pair using pkcs11-tool and libmusclepkcs11.so?
>
> The first problem I have is that pkcs11-tool cannot load
> libmusclepkcs11.so, unless I change the dlopen flags from RTLD_NOW to
> RTLD_LAZY.

You should correct this problem first. Some symbols are missing.

I propose to use something like:
--- scdl/scdl.c (revision 2347)
+++ scdl/scdl.c (working copy)
@@ -72,7 +72,11 @@ dlfcn_open(scdl_context_t *mod, const ch
        }
 
        if (mod->handle == NULL)
+       {
                mod->handle = dlopen(name, flags);
+               if (mod->handle == NULL)
+                       printf(dlerror());
+       }
 
        if (ldenv)
                free(ldenv);
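
Review bot: `printf(dlerror());` in the added block uses the loader's message as the format string, so any `%` in that run-time text is interpreted as a conversion. Pass it as data instead, for example `fprintf(stderr, "%s\n", dlerror());`, which also terminates the line and keeps the diagnostic off stdout. The new braces around the `dlopen()` call are fine, but the error is only printed: the function still continues with `mod->handle == NULL`, so confirm the code after this hunk returns a failure to the caller.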

It would be better to use sc_error() but I don't know where to get the
context from.

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google

Re: Problems generating a keypair with pkcs11-tool and libmusclepkcs11.so

Peter Stuge
On Wed, Jun 08, 2005 at 12:02:33PM +0200, Ludovic Rousseau wrote:
> +                       printf(dlerror());

..make that

printf("%s\n",dlerror());


//Peter
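
The RTLD_NOW loading failure and the dlerror() reporting fix discussed in this thread, as an added example that is not part of the original messages or of OpenSC's code. The helper name `load_pkcs11_module` is hypothetical and the default path is constructed so that it does not exist and contains `%` characters.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from OpenSC): load a PKCS#11 module with
 * RTLD_NOW so unresolved symbols fail at load time, not at first call.
 * On failure the loader message is copied into err as plain data. */
static void *load_pkcs11_module(const char *path, char *err, size_t errlen)
{
    void *handle;
    const char *msg;

    if (errlen > 0)
        err[0] = '\0';
    dlerror();                          /* clear any stale error */
    handle = dlopen(path, RTLD_NOW);
    if (handle == NULL) {
        msg = dlerror();
        /* The message embeds the path, so it is untrusted text:
         * pass it as an argument to "%s", never as the format. */
        snprintf(err, errlen, "%s", msg ? msg : "unknown dlopen error");
        return NULL;
    }
    /* Every PKCS#11 module must export C_GetFunctionList. */
    if (dlsym(handle, "C_GetFunctionList") == NULL) {
        msg = dlerror();
        snprintf(err, errlen, "%s", msg ? msg : "C_GetFunctionList not found");
        dlclose(handle);
        return NULL;
    }
    return handle;
}

int main(int argc, char **argv)
{
    char err[512];
    /* Constructed default: nonexistent path containing '%' conversions. */
    const char *path = argc > 1 ? argv[1] : "/nonexistent/lib%s%d.so";
    void *h = load_pkcs11_module(path, err, sizeof(err));

    if (h == NULL) {
        fprintf(stderr, "load failed: %s\n", err);
        return 1;
    }
    puts("module loaded and C_GetFunctionList resolved");
    dlclose(h);
    return 0;
}
```

On older glibc versions, link with `-ldl`.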