New issue
Advanced search Search tips

Issue 910455 link

Starred by 1 user
Status: Available
Owner: ----
Cc:
apronin@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature



Sign in to add a comment

Fix errors when running the test of opensc pkcs11-tool in chaps

Project Member Reported by menghuan@chromium.org, Nov 30 
Since libchaps should work with any client that uses PKCS#11 API, it is better to pass the API test of each client.

Setup on DUT:
USE=-pcsc-lite emerge-$BOARD opensc
cros deploy $dut opensc

Run pkcs11-tool on DUT:
localhost ~ # pkcs11-tool --module=`ls /usr/lib**/libchaps.so` -v -t
Using slot 0 with a present token (0x0)
C_SeedRandom() and C_GenerateRandom():
[1114/015607:ERROR:chaps.cc(1693)] C_GenerateRandom - CKR_ARGUMENTS_BAD
  ERR: C_GenerateRandom(buf1,0) failed: CKR_ARGUMENTS_BAD (0x7)
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
[1114/015607:ERROR:chaps.cc(980)] C_DigestInit - CKR_MECHANISM_INVALID
[1114/015607:ERROR:chaps.cc(1013)] C_Digest - CKR_BUFFER_TOO_SMALL
Signatures (currently only RSA signatures)
  testing key 0 (_default)
  all 4 signature functions seem to work
[1114/015610:ERROR:chaps.cc(1128)] C_Sign - CKR_BUFFER_TOO_SMALL
  testing signature mechanisms:
[1114/015610:ERROR:chaps.cc(1094)] C_SignInit - CKR_MECHANISM_INVALID
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
[1114/015612:ERROR:chaps.cc(1094)] C_SignInit - CKR_MECHANISM_INVALID
  testing key 1 (2048 bits, label=wrapper) with 1 signature mechanism -- can't be used to sign/verify, skipping
Verify (currently only for RSA):
  testing key 0 (_default)
[1114/015612:ERROR:chaps.cc(1094)] C_SignInit - CKR_MECHANISM_INVALID
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
[1114/015615:ERROR:chaps.cc(1094)] C_SignInit - CKR_MECHANISM_INVALID
  testing key 1 (wrapper) with 1 mechanism
 -- can't be used to sign/verify, skipping
Unwrap: not implemented
Decryption (RSA)
  testing key 0 (_default)
    RSA-PKCS: OK
[1114/015616:ERROR:chaps.cc(863)] C_DecryptInit - CKR_KEY_TYPE_INCONSISTENT
error: PKCS11 function C_DecryptInit failed: rv = CKR_KEY_TYPE_INCONSISTENT (0x63)

Aborting.
    DES-ECB:
[EOM]

Comment 1 by menghuan@chromium.org, Nov 30

Cc: -menghuan@chromium.org

Comment 2 by louiscollard@chromium.org, Dec 12

Cc: apronin@chromium.org
Andrey - is it actually a goal to provide a fully functional pkcs11 interface? Should this test pass or can we just close this?

Comment 3 by apronin@chromium.org, Dec 12 

Upper layers assume pkcs11 interface, they know little about chaps specifics. So, if something doesn't work as expected, it makes sense to take a look. But that doesn't mean we have to fix all issues reported by pkcs11-tool.

Sign in to add a comment