-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
rhel-9.3.0
-
None
-
Low
-
rhel-sst-security-crypto
-
ssg_security
-
None
-
False
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
Unspecified
-
None
Description of problem:
When multiple tokens are present p11tool options --info and --list-all display objects present on all available tokens - not only objects on the token specified by URL.
This is contradictory to manpage:
"--list-all List all available objects in a token.
All objects available in the token will be listed. That includes objects which are potentially unaccessible using this tool"
--info List information on an available object in a token"
Version-Release number of selected component (if applicable):
gnutls-utils-3.6.14-7.el8_3.x86_64
How reproducible:
always
Steps to Reproduce:
1. prepare multiple tokens with objects(for example with softhsm and pkcs11-tool)
a) create software tokens with softhsm:
- softhsm2-util --init-token --slot 0 --so-pin 1234 --pin 111111 --label Token1
- softhsm2-util --init-token --slot 1 --so-pin 1234 --pin 222222 --label Token2
- softhsm2-util --init-token --slot 2 --so-pin 1234 --pin 333333 --label Token3
b) add keys to tokens by pkcs11-tool - pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token1 --label rsa1 --pin 111111 -v --key-type rsa:1024
- pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token2 --label rsa2 --pin 222222 -v --key-type rsa:1024
- pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --keypairgen --token-label Token3 --label rsa3 --pin 333333 -v --key-type rsa:1024
2. List tokens to see their URLs: - p11tool --list-tokens
3. List object with p11tool --list-all or --info - p11tool --list-all TOKEN1-URL
Actual results:
- p11tool --list-all pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=22552c41b305ab09;token=Token1
Object 0:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0d5717b2b939d0a2;token=Token2;object=rsa2;type=public
Type: Public key (RSA-1024)
Label: rsa2
Flags: CKA_WRAP/UNWRAP;
ID:
Object 1:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=146abd9f618316f6;token=Token1;object=rsa1;type=public
Type: Public key (RSA-1024)
Label: rsa1
Flags: CKA_WRAP/UNWRAP;
ID:
Object 2:
URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a7abf29bf593d653;token=Token3;object=rsa3;type=public
Type: Public key (RSA-1024)
Label: rsa3
Flags: CKA_WRAP/UNWRAP;
ID:
Expected results:
Only object present on Token1 are listed.
Additional info:
